GhostScripter Amazon Shop search.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1109344 Vulnerability type: Cross-site scripting
Published: 2005-11-29 Updated: 2007-05-15
CVE ID: CVE-2005-3908 CNNVD-ID: CNNVD-200511-492
Platform: PHP CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/26653
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200511-492
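|Vulnerability details
GhostScripter Amazon Shop is an online shopping application. search.php in GhostScripter Amazon Shop 5.0.0, and other versions before 5.0.2, has a cross-site scripting vulnerability that allows remote attackers to inject web script or HTML via the query parameter.
|Exploit (EXP)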
source: http://www.securityfocus.com/bid/15634/info

GhostScripter Amazon Shop is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

GhostScripter Amazon Shop 5.0.0 and prior versions are vulnerable; other versions may also be affected. 


http://www.example.com/search.php?query=%3Cscript%3Ealert%28%27r0t%27%29%3C%2Fscript%3E&mode=all&imageField.x=21&imageField.y=4
|References

Source: BID
Name: 15634
Link: http://www.securityfocus.com/bid/15634
Source: OSVDB
Name: 21371
Link: http://www.osvdb.org/21371
Source: VUPEN
Name: ADV-2005-2630
Link: http://www.frsirt.com/english/advisories/2005/2630
Source: VIM
Name: 20070509 21371: GhostScripter Amazon Shop search.php query Variable XSS (fwd)
Link: http://www.attrition.org/pipermail/vim/2007-May/001603.html
Source: SECUNIA
Name: 17750
Link: http://secunia.com/advisories/17750
Source: MISC
Link: http://pridels0.blogspot.com/2005/11/amazon-shop-500-xss-vuln.html