Siteframe Beaumont page.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1109766 Vulnerability type: Cross-site scripting
Published: 2006-02-16 Updated: 2006-02-20
CVE ID: CVE-2006-0783 CNNVD-ID: CNNVD-200602-300
Platform: PHP CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/27243
https://cxsecurity.com/issue/WLB-2006020049
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-300
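|Vulnerability details
A cross-site scripting vulnerability exists in page.php in Siteframe Beaumont 5.0.2 or 5.0.1a. A remote attacker can inject arbitrary web script or HTML via the comment_text parameter sent to the user comment page (/edit/Comment).
|Vulnerability exploit (EXP)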
source: http://www.securityfocus.com/bid/16695/info

Siteframe Beaumont is prone to an HTML-injection vulnerability. The application fails to properly sanitize user-supplied input before using it in dynamically generated content. 

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible. 

This issue is reported to affect Siteframe Beaumont versions 5.0.2 and earlier; other versions may also be vulnerable.

An example HTTP POST request has been provided:

http://www.example.com/edit/Comment
POST /edit/Comment HTTP/1.1
Host: www.example.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.12) Gecko/20050919 Firefox/1.0.7
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: it,it-it;q=0.8,en-us;q=0.5,en;q=0.3
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 167

comment_id=&comment_user_id=554&comment_page_id=116&comment_reply_to=&comment_subject=Kiki&comment_text=H
i&_submitted=1
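
The advisory attributes the issue to comment input being used in generated pages without sanitization. As an added example (not Siteframe's code and not part of the advisory), the PHP below encodes the posted comment fields at output time and validates the numeric ID; the function names and HTML layout are assumptions, while the field names are taken from the request above.

```php
<?php
// Added example, not Siteframe code. Function names and markup are
// hypothetical; field names come from the POST body shown above.

/** Encode untrusted text for HTML element and quoted-attribute contexts. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Accept only positive decimal IDs; numeric fields never need free text. */
function comment_id_or_null(?string $raw): ?int
{
    if ($raw === null || $raw === '') {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Render one stored comment; every user-controlled field is encoded on output. */
function render_comment(array $row): string
{
    $pageId = comment_id_or_null($row['comment_page_id'] ?? null);
    if ($pageId === null) {
        throw new InvalidArgumentException('comment_page_id must be a positive integer');
    }
    return sprintf(
        "<div class=\"comment\" data-page=\"%d\">\n  <h4>%s</h4>\n  <p>%s</p>\n</div>\n",
        $pageId,
        h((string)($row['comment_subject'] ?? '')),
        nl2br(h((string)($row['comment_text'] ?? '')), false) // encode first, then add <br>
    );
}

// Constructed sample: comment_text carries markup instead of plain text.
$stored = [
    'comment_page_id' => '116',
    'comment_subject' => 'Kiki',
    'comment_text'    => "Hi <i title=\"x\">there</i>\nsecond line",
];

echo render_comment($stored);
```

Encoding at render time covers comments already stored in the database, which input filtering at /edit/Comment alone would not.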
|References

Source: BID
Name: 16695
Link: http://www.securityfocus.com/bid/16695
Source: BUGTRAQ
Name: 20060216 Siteframe Beaumont 5.0.2 <== User Comment Cross-Site Scripting Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/425180/100/0/threaded
Source: XF
Name: siteframe-comment-xss(24836)
Link: http://xforce.iss.net/xforce/xfdb/24836
Source: OSVDB
Name: 23267
Link: http://www.osvdb.org/23267
Source: SREASON
Name: 443
Link: http://securityreason.com/securityalert/443
Source: SECUNIA
Name: 18892
Link: http://secunia.com/advisories/18892