Limbo CMS多个输入验证漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1109452 漏洞类型 跨站脚本
发布时间 2005-12-14 更新时间 2005-12-19
CVE编号 CVE-2005-4317 CNNVD-ID CNNVD-200512-362
漏洞平台 PHP CVSS评分 6.8
|漏洞来源
https://www.exploit-db.com/exploits/26836
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-362
|漏洞详情
LimboCMS1.0.4.2及更早版本在register_globalsoff的情况下不能防止从外部修改$_SERVER变量,远程攻击者可以通过index2.phpwrapper选项中的eval注入攻击,使用_SERVER[REMOTE_ADDR]参数(1)在stats模块中实施跨站脚本(XSS)攻击或(2)执行任意代码。
|漏洞EXP
source: http://www.securityfocus.com/bid/15871/info

Limbo CMS is prone to multiple input validation vulnerabilities. These issues can allow attackers to carry out cross-site scripting, SQL injection, and local file include attacks.

Limbo CMS versions 1.0.4.2 and prior are affected by these vulnerabilities. 

http://www.example.com/[path]/?_SERVER[]=&_SERVER[REMOTE_ADDR]=<script>alert(document.cookie)</script>
|参考资料

来源:VUPEN
名称:ADV-2005-2932
链接:http://www.frsirt.com/english/advisories/2005/2932
来源:SECUNIA
名称:18063
链接:http://secunia.com/advisories/18063/
来源:BID
名称:15871
链接:http://www.securityfocus.com/bid/15871/
来源:BUGTRAQ
名称:20051214LIMBOCMS<=v1.0.4.2_SERVER[]arrayoverwrite/remotecodeexecution
链接:http://www.securityfocus.com/archive/1/archive/1/419470/100/0/threaded
来源:SECTRACK
名称:1015364
链接:http://securitytracker.com/id?1015364
来源:MISC
链接:http://rgod.altervista.org/limbo1042_xpl.html
来源:OSVDB
名称:21756
链接:http://www.osvdb.org/21756
来源:OSVDB
名称:21754
链接:http://www.osvdb.org/21754
来源:SREASON
名称:255
链接:http://securityreason.com/securityalert/255