Kayako Esupport多个跨站脚本和SQL注入漏洞

23次阅读
没有评论

Kayako Esupport多个跨站脚本和SQL注入漏洞

漏洞ID 1108376 漏洞类型 跨站脚本
发布时间 2004-12-18 更新时间 2005-10-20
Kayako Esupport多个跨站脚本和SQL注入漏洞CVE编号 CVE-2004-1412
Kayako Esupport多个跨站脚本和SQL注入漏洞CNNVD-ID CNNVD-200412-248
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/25037
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-248
|漏洞详情
KayakoeSupport2.x版本中的index.php存在跨站脚本(XSS)漏洞。远程攻击者可以借助searchm参数注入任意web脚本。
|漏洞EXP
source: http://www.securityfocus.com/bid/12037/info

Kayako eSupport is prone to multiple input validation vulnerabilities. One cross-site scripting and six SQL injection vulnerabilities.

These issues may collectively threaten compromise of software and database security properties. Possible attacks include theft of cookie-based authentication credentials, exposure or modification of database information, and a potential for attacks against the underlying database implementation. 

http://www.example.com/index.php?_a=knowledgebase&_j=search&searchm=[CODEGOESHERE]
|参考资料

来源:XF
名称:kayako-index-xss(18571)
链接:http://xforce.iss.net/xforce/xfdb/18571
来源:BID
名称:12037
链接:http://www.securityfocus.com/bid/12037
来源:www.gulftech.org
链接:http://www.gulftech.org/?node=research&article;_id=00056-12182004
来源:BUGTRAQ
名称:20041218MultipleVulnerabilitiesInKayakoeSupportv2.x
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110352428607171&w;=2

相关推荐: Microsoft ISA Server Web Proxy Malformed SSL Packet Remote Denial of Service Vulnerability

Microsoft ISA Server Web Proxy Malformed SSL Packet Remote Denial of Service Vulnerability 漏洞ID 1100511 漏洞类型 Failure to Handle Exc…

正文完
 0