PHPNuke多模块跨站脚本漏洞

PHPNuke多模块跨站脚本漏洞

漏洞ID 1107993 漏洞类型 跨站脚本
发布时间 2004-06-11 更新时间 2005-10-25
图片[1]-PHPNuke多模块跨站脚本漏洞-安全小百科CVE编号 CVE-2005-1023
图片[2]-PHPNuke多模块跨站脚本漏洞-安全小百科CNNVD-ID CNNVD-200505-156
漏洞平台 Java CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/24190
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-156
|漏洞详情
PHP-Nuke6.x至7.6中的多个跨站脚本攻击(XSS)漏洞,允许远程攻击者通过(1)Search模块的min参数,(2)FAQ模块的categories参数或者(3)Encyclopedia模块的ltr参数来注入任意Web脚本或HTML。注:banners.php中的bid参数问题已成为CVE-2005-1000中的一项。
|漏洞EXP
source: http://www.securityfocus.com/bid/10524/info

PHP-Nuke is prone to multiple vulnerabilities. The issues result from insufficient sanitization of user-supplied data. The following specific issues can affect the application:

PHP-Nuke is prone to multiple cross-site scripting vulnerabilities. These issues affect the 'Faq', 'Encyclopedia' and 'Reviews' modules.

These cross-site scripting issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If a user follows the malicious link, the attacker-supplied code executes in the Web browser of the victim computer.

PHP-Nuke is prone to an SQL Injection Vulnerability. Again the issue is due to a failure of the application to properly sanitize user-supplied input. The problem presents itself when SQL syntax is passed through the a parameter of the 'Reviews' module.

As a result of this issue an attacker could modify the logic and structure of database queries.

Finally a remote denial of service vulnerability is reported to exist in the score subsystem of the 'Review' module of PHP-Nuke, it is reported that a large number supplied as a value for a parameter passed to the 'Reviews' module will deny service to legitimate PHP-Nuke users. 

http://www.example.com/nuke73/modules.php?name=FAQ&myfaq=yes&id_cat=1&categories=[xss code here]
|参考资料

来源:XF
名称:phpnuke-modulesphp-xss(19952)
链接:http://xforce.iss.net/xforce/xfdb/19952
来源:BUGTRAQ
名称:20050403FullpathdisclosureandXSSinPHPNuke
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111263454308478&w;=2
来源:MISC
链接:http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt

相关推荐: Adobe SVG Viewer 3.0 – ActiveX Control SRC Information Disclosure

Adobe SVG Viewer 3.0 – ActiveX Control SRC Information Disclosure 漏洞ID 1055082 漏洞类型 发布时间 2005-05-04 更新时间 2005-05-04 CVE编号 N/A CNNV…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享