PHP-Nuke多个输入验证漏洞

PHP-Nuke多个输入验证漏洞

漏洞ID 1107994 漏洞类型 跨站脚本
发布时间 2004-06-11 更新时间 2005-10-25
图片[1]-PHP-Nuke多个输入验证漏洞-安全小百科CVE编号 CVE-2004-2293
图片[2]-PHP-Nuke多个输入验证漏洞-安全小百科CNNVD-ID CNNVD-200412-416
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/24191
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-416
|漏洞详情
PHP-Nuke6.0到7.3存在多个跨站脚本(XSS)漏洞。远程攻击者可以借助Encyclopedia模块中的(1)eid参数或(2)query参数,(3)Reviews模块中preview_review函数,正如url、cover、rlanguage和hits参数,或者(4)Reviews模块中的savecomment函数如uname参数来注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/10524/info
 
PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:
 
PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.
 
These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer.
 
PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module.
 
As a result of this issue an attacker could modify the logic and structure of database queries.
 
Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users. 

http://www.example.com/nuke73/modules.php?name=Encyclopedia&op=terms&eid=1&ltr=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&file=search&eid=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&file=search&query=f00bar&eid=[xss code here]
http://www.example.com/nuke73/modules.php?name=Encyclopedia&op=content&tid=774&page=2&query=[xss code here]
|参考资料

来源:XF
名称:phpnuke-faq-encyclopedia-xss(16406)
链接:http://xforce.iss.net/xforce/xfdb/16406
来源:BID
名称:10524
链接:http://www.securityfocus.com/bid/10524
来源:BUGTRAQ
名称:20040611[waraxe-2004-SA#032-MultiplesecurityflawsinPhpNuke6.x-7.3]
链接:http://www.securityfocus.com/archive/1/365865
来源:OSVDB
名称:6999
链接:http://www.osvdb.org/6999
来源:OSVDB
名称:6998
链接:http://www.osvdb.org/6998
来源:OSVDB
名称:6997
链接:http://www.osvdb.org/6997
来源:SECUNIA
名称:11852
链接:http://secunia.com/advisories/11852

相关推荐: Microsoft IE VBScript读取任意文件漏洞(MS02-009)

Microsoft IE VBScript读取任意文件漏洞(MS02-009) 漏洞ID 1204702 漏洞类型 设计错误 发布时间 2002-02-21 更新时间 2005-05-02 CVE编号 CVE-2002-0052 CNNVD-ID CNNVD-…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享