Uapplication Ublog Cross-Site Scripting Vulnerability

Vulnerability ID: 1108592
Vulnerability type: Cross-site scripting
Published: 2005-03-29
Updated: 2006-08-22
CVE ID: CVE-2005-0925
CNNVD-ID: CNNVD-200505-545
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/25317
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-545
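|Vulnerability details
A cross-site scripting (XSS) vulnerability exists in login.asp in Ublog Reload 1.0 through 1.0.4. A remote attacker can inject arbitrary web script or HTML via the msg parameter.
|Exploit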
source: http://www.securityfocus.com/bid/12931/info

Ublog is affected by a cross-site scripting vulnerability.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks.

Ublog 1.0.4 and prior versions are reportedly affected by this issue. 

http://www.example.com/login.asp?msg=<script>alert(XSS)</script>
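The msg reflection described above, modelled in JavaScript as an added example; it is not Ublog's code and not part of the advisory. The function names, the `notice` markup and the 200-character cap are assumptions chosen for illustration. It contrasts the unencoded echo with an HTML-encoded one and adds a simple check for scanning logged request URLs.

```javascript
// Added example: a model of how a login page can handle the msg query
// parameter. All names and the page fragment are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML context.
function encodeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Read msg from a request URL (URLSearchParams performs the URL decoding).
function readMsg(requestUrl) {
  return new URL(requestUrl).searchParams.get('msg') ?? '';
}

// Vulnerable pattern: the decoded value is written into the page as markup.
function renderLoginMessageUnsafe(requestUrl) {
  return `<div class="notice">${readMsg(requestUrl)}</div>`;
}

// Hardened pattern: cap the length (assumed limit), then HTML-encode on output.
function renderLoginMessage(requestUrl) {
  const msg = readMsg(requestUrl).slice(0, 200);
  return `<div class="notice">${encodeHtml(msg)}</div>`;
}

// Log-review helper: true when the decoded msg value carries angle brackets,
// which a plain status message has no reason to contain.
function msgContainsMarkup(requestUrl) {
  return /[<>]/.test(readMsg(requestUrl));
}

// URL taken from the advisory, plus one constructed benign request.
const ADVISORY_URL =
  'http://www.example.com/login.asp?msg=<script>alert(XSS)</script>';
const BENIGN_URL = 'http://www.example.com/login.asp?msg=Invalid+password';

for (const url of [ADVISORY_URL, BENIGN_URL]) {
  console.log(msgContainsMarkup(url) ? 'FLAG' : 'ok  ', renderLoginMessage(url));
}
```

Encoding at the point of output is the fix; the log check only helps find requests that probed the parameter.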
|References

Source: SECTRACK
Name: 1013603
Link: http://securitytracker.com/id?1013603
Source: BID
Name: 12931
Link: http://www.securityfocus.com/bid/12931
Source: MISC
Link: http://www.persianhacker.net/news/news-2945.html
Source: OSVDB
Name: 15121
Link: http://www.osvdb.org/15121
Source: SECUNIA
Name: 14725
Link: http://secunia.com/advisories/14725
Source: BUGTRAQ
Name: 20050329 [PersianHacker.NET 200503-11] Ublog reload 1.0.4 and prior
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=111214393101387&w=2