Simple Machines Forum Size Tag HTML Injection Vulnerability

Vulnerability ID: 1107933
Vulnerability type: Cross-site scripting
Published: 2004-05-05
Updated: 2005-10-20
CVE ID: CVE-2004-1996
CNNVD ID: CNNVD-200405-041
Platform: PHP
CVSS score: 4.3
|Sources
https://www.exploit-db.com/exploits/24082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200405-041
|Details
Simple Machines Forum (SMF) 1.0 contains a cross-site scripting vulnerability. Remote attackers can inject arbitrary web script via the size tag.
|Exploit
source: http://www.securityfocus.com/bid/10281/info

It has been reported that Simple Machines Forum (SMF) may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the font size attribute.

Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

An attacker could reportedly post content to the forums containing:

[size=expression(alert(document.cookie))]Content[/size]

This is limited by the fact that the forum software filters out quotes, apostrophes and semicolons.

Another method that circumvents the software filtering would be to post content such as:

[size=expression(eval(unescape(document.URL.substring(document.URL.length-34,document.URL.length))))]Content[/size]

then get the victim to follow:

http://www.example.com/index.php?topic=12345.0&alert('cookie:n'+document.cookie)

Here '12345.0' is the topic containing the previously posted content. The victim's browser would evaluate the last 34 characters of the URL (the 'length-34' offset in the previously posted content).
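As an added defensive illustration (not code from SMF or from the original advisory), the following Python models the two filtering strategies side by side: the blocklist the advisory describes, which strips only quotes, apostrophes and semicolons and therefore still copies an expression() value into the style attribute, and an allowlist that accepts only a bounded number with a known unit and otherwise emits the tag as escaped text. The [size] regex, the unit set and the payload strings are constructed for this demo and are not SMF's parser.

```python
import html
import re

# Constructed copies of the two payloads quoted in the advisory above.
DIRECT_PAYLOAD = "[size=expression(alert(document.cookie))]Content[/size]"
BYPASS_PAYLOAD = ("[size=expression(eval(unescape(document.URL.substring("
                  "document.URL.length-34,document.URL.length))))]Content[/size]")

# Simplified [size=...]...[/size] matcher (assumption: a model, not SMF's code).
SIZE_TAG = re.compile(r"\[size=(?P<value>[^\]]*)\](?P<body>.*?)\[/size\]", re.DOTALL)


def render_blocklist(text: str) -> str:
    """Blocklist filter as described in the advisory: only quotes, apostrophes
    and semicolons are removed, so expression(...) reaches the style attribute."""
    def repl(m):
        value = re.sub("[\"';]", "", m.group("value"))
        return '<span style="font-size: %s">%s</span>' % (value, m.group("body"))
    return SIZE_TAG.sub(repl, text)


# Allowlist: an integer 1..99 with an optional unit from a fixed set.
ALLOWED_SIZE = re.compile(r"^(?P<n>[1-9][0-9]?)(?P<unit>px|pt|em|%)?$")


def render_allowlist(text: str) -> str:
    """Allowlist filter: a value that is not a plain size never becomes CSS;
    the whole tag is emitted as escaped literal text instead."""
    def repl(m):
        v = ALLOWED_SIZE.match(m.group("value").strip())
        if v is None:
            return html.escape(m.group(0))
        unit = v.group("unit") or "px"
        body = html.escape(m.group("body"))
        return '<span style="font-size: %s%s">%s</span>' % (v.group("n"), unit, body)
    return SIZE_TAG.sub(repl, text)


def emits_css_expression(rendered: str) -> bool:
    """True if an expression( token ended up inside a style attribute."""
    return bool(re.search(r'style="[^"]*expression\(', rendered, re.IGNORECASE))
```

Running both payloads through render_blocklist shows that neither contains a character the blocklist removes, which is why the bypass in the advisory works; the allowlist version rejects both while still rendering ordinary values such as [size=14pt].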
|References

Source: XF
Name: smf-size-html-injection(16067)
Link: http://xforce.iss.net/xforce/xfdb/16067
Source: BID
Name: 10281
Link: http://www.securityfocus.com/bid/10281
Source: BUGTRAQ
Name: 20040505 SMF SIZE Tag Script Injection Vulnerability
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=108377364615934&w=2
