WebHost Automation Helm Control Panel Multiple Input Validation Vulnerabilities

Vulnerability ID: 1108259
Vulnerability type: Cross-site scripting
Published: 2004-11-02
Updated: 2005-10-20
CVE ID: CVE-2004-1499
CNNVD-ID: CNNVD-200412-761
Platform: ASP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/24717
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-761
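|Vulnerability details
The compose message form in HELM 3.1.19 and earlier is vulnerable to cross-site scripting (XSS). A remote attacker can execute arbitrary web script or HTML via the Subject field.
|Exploit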
source: http://www.securityfocus.com/bid/11586/info

Helm Control Panel is reported prone to multiple vulnerabilities. These include an SQL injection issue and an HTML injection vulnerability. A remote attacker can execute arbitrary HTML and script code in a user's browser. Manipulation of SQL queries to reveal or corrupt sensitive database data is possible as well.

Helm Control Panel versions 3.1.19 and prior are reported vulnerable to these issues.

xxxx',10,0); insert into account(accountnumber,accounttype,accountpassword) values('root',0,'');--
|References

Source: SECUNIA
Name: 13079
Link: http://secunia.com/advisories/13079
Source: XF
Name: helm-subject-xss(17943)
Link: http://xforce.iss.net/xforce/xfdb/17943
Source: BID
Name: 11586
Link: http://www.securityfocus.com/bid/11586
Source: www.hat-squad.com
Link: http://www.hat-squad.com/en/000077.html
Source: BUGTRAQ
Name: 20041102 [Hat-Squad] SQL injection and XSS Vulnerabilities in HELM
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=109943858026542&w=2
