Vbulletin Member.PHP 跨站脚本漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1110488 漏洞类型 跨站脚本
发布时间 2006-06-20 更新时间 2006-07-12
CVE编号 CVE-2006-3253 CNNVD-ID CNNVD-200606-533
漏洞平台 PHP CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/28076
https://cxsecurity.com/issue/WLB-2006060159
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-533
|漏洞详情
**有争议**vBulletin3.5.x的member.php中的跨站脚本攻击(XSS)漏洞,可让远程攻击者通过u参数注入任意Web脚本或HTML。注意:供应商对此报告有争议,声称他们无法重现问题,并且"userid参数是通过我们的过滤系统作为没有符号的整数运行的"。
|漏洞EXP
source: http://www.securityfocus.com/bid/18551/info

Vbulletin is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. 

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

The vendor disputes this issue stating the vulnerable parameter is properly sanitized before being used.

http://www.example.com/vb/member.php?u=[XSS]
|参考资料

来源:BUGTRAQ
名称:20060620vBulletin<<--v3.5.X"member.php"CrossSiteScripting
链接:http://www.securityfocus.com/archive/1/archive/1/437817/100/0/threaded
来源:SECTRACK
名称:1016348
链接:http://securitytracker.com/id?1016348
来源:XF
名称:vbulletin-member-xss(27261)
链接:http://xforce.iss.net/xforce/xfdb/27261
来源:BID
名称:18551
链接:http://www.securityfocus.com/bid/18551
来源:BUGTRAQ
名称:20060623Re:vBulletin<<--v3.5.X"member.php"CrossSiteScripting
链接:http://www.securityfocus.com/archive/1/archive/1/438364/100/100/threaded
来源:OSVDB
名称:27508
链接:http://www.osvdb.org/27508
来源:SREASON
名称:1155
链接:http://securityreason.com/securityalert/1155