TextFileBB 多个跨站脚本攻击(XSS) 漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110167 漏洞类型 跨站脚本
发布时间 2006-04-29 更新时间 2006-05-04
CVE编号 CVE-2006-2143 CNNVD-ID CNNVD-200605-039
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/27782
https://cxsecurity.com/issue/WLB-2006050025
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-039
|漏洞详情
TextFileBB1.0.16存在多个跨站脚本攻击(XSS)漏洞。远程攻击者可以借助诸如(1)color,(2)size或(3)urlbbcodetag中的"onmouseover"等Javascript事件,注入任意Web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/17750/info

TextFileBB is prone to multiple script-injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before including it in dynamically generated content. 

Attacker-supplied HTML and script code would be able to access properties of the site, potentially allowing the attacker to steal cookie-based authentication credentials. Other attacks are also possible. 

These issues are reported to affect version 1.0.16; other versions may also be vulnerable.

[code][.color=#00F"onMouseOver='alert(/xss/)' x="]h0n0[/color][/code]
[code][.size=7" OnMouseOver="alert(/xss/)]Clicky Here [/size][/code]
[code][.url=http://" OnMouseOver="alert(/xss/)]hmm[/url][/code]
|参考资料

来源:BID
名称:17750
链接:http://www.securityfocus.com/bid/17750
来源:BUGTRAQ
名称:20060429TextFileBB1.0.16MultipleXSS
链接:http://www.securityfocus.com/archive/1/archive/1/432461/100/0/threaded
来源:SECUNIA
名称:19883
链接:http://secunia.com/advisories/19883
来源:XF
名称:textfilebb-bbcode-tags-xss(26129)
链接:http://xforce.iss.net/xforce/xfdb/26129
来源:OSVDB
名称:25123
链接:http://www.osvdb.org/25123
来源:SECTRACK
名称:1016013
链接:http://securitytracker.com/id?1016013
来源:SREASON
名称:828
链接:http://securityreason.com/securityalert/828