Multiple Cross-Site Scripting (XSS) Vulnerabilities in TUTOS

Vulnerability ID 1107388 Vulnerability Type Cross-site scripting
Published 2003-06-20 Updated 2003-08-07
CVE ID CVE-2003-0481 CNNVD-ID CNNVD-200308-002
Platform PHP CVSS Score 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/22818
https://www.securityfocus.com/bid/82761
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200308-002
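|Vulnerability Details
TUTOS version 1.1 contains multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can exploit them to inject arbitrary web script, for example via the msg parameter of file_select.php.
|Exploit (EXP)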
source: http://www.securityfocus.com/bid/8011/info

It has been reported that Tutos does not properly handle input to the file_select script. Because of this, an attacker may be able to execute code in the browser of another user with the privileges of the vulnerable site.

http://www.example.com/tutos/file/file_select.php?msg=<hostile code>
|Affected Products
Gero Kohnert Tutos 1.1
|References

Source: BUGTRAQ
Name: 20030623 [KSA-001] Multiple vulnerabilities in Tutos
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=105638743109781&w=2