Web Fresh Fresh Guest Book HTML注入漏洞

Web Fresh Fresh Guest Book HTML注入漏洞

漏洞ID 1107850 漏洞类型 跨站脚本
发布时间 2004-03-29 更新时间 2005-10-20
图片[1]-Web Fresh Fresh Guest Book HTML注入漏洞-安全小百科CVE编号 CVE-2004-1867
图片[2]-Web Fresh Fresh Guest Book HTML注入漏洞-安全小百科CNNVD-ID CNNVD-200412-168
漏洞平台 CGI CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/23890
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-168
|漏洞详情
FreshGuestBook的guest.cgi存在跨站脚本(XSS)漏洞。远程攻击者可以借助Name字段注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/9995/info

It has been reported that Fresh Guest Book is prone to a remote HTML injection vulnerability. This issue is due to a failure of the application to properly sanitize user supplied form input.

An attacker may exploit the aforementioned vulnerabilities to execute arbitrary script code in the browser of an unsuspecting user. It may be possible to steal the unsuspecting user's cookie-based authentication credentials, as well as other sensitive information. Other attacks may also be possible. 

<script>alert('xss');</script>
|参考资料

来源:XF
名称:freshguestbook-guest-xss(15649)
链接:http://xforce.iss.net/xforce/xfdb/15649
来源:BID
名称:9995
链接:http://www.securityfocus.com/bid/9995
来源:BUGTRAQ
名称:20040328vuln
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108057935827431&w;=2

相关推荐: Microsoft Internet Explorer Zone Spoofing Vulnerability

Microsoft Internet Explorer Zone Spoofing Vulnerability 漏洞ID 1102821 漏洞类型 Input Validation Error 发布时间 2001-10-10 更新时间 2001-10-10 C…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享