https://www.exploit-db.com/exploits/24138
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200405-056

e107版本的stats.php存在跨站脚本漏洞。远程攻击者借助参照页log.php参数注入任意web脚本或者HTML。

source: http://www.securityfocus.com/bid/10395/info

It is reported that e107 website system is prone to a remote HTML injection vulnerability. This issue is due to a failure by the application to properly sanitize user-supplied input.

The problem presents itself when a user supplies malicious HTML or script code to the application using a URI parameter of the log.php script. The application stores the injected HTML code, which is then rendered in the browser of an unsuspecting user whenever the log page of the affected site is viewed.

http://www.example.com/e107_plugins/log/log.php?referer=code<br>goes<here>&color=24&eself=http://www.example.com/stats.php&res=1341X1341

来源:XF
名称:e107-log-xss(16231)
链接:http://xforce.iss.net/xforce/xfdb/16231
来源:BID
名称:10395
链接:http://www.securityfocus.com/bid/10395
来源:SECUNIA
名称:11693
链接:http://secunia.com/advisories/11693
来源:BUGTRAQ
名称:20040521e107webportalReferersHTTPInjection
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=108515632622796&w;=2
来源:OSVDB
名称:6345
链接:http://www.osvdb.org/6345