Microsoft Indexing Service Cross-Site Scripting Vulnerability

Vulnerability ID: 1111009
Vulnerability type: Cross-site scripting
Published: 2006-09-12
Updated: 2006-10-02
CVE ID: CVE-2006-0032
CNNVD-ID: CNNVD-200609-167
Platform: Windows
CVSS score: 4.3
|Vulnerability Source
https://www.exploit-db.com/exploits/28500
https://www.securityfocus.com/bid/19927
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-167
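|Vulnerability Details
Microsoft Indexing Service can create index catalogs of content and properties for file systems and virtual web servers. The Indexing Service does not properly validate query parameters, which may allow cross-site scripting. If a user is tricked into visiting a malicious site, an attacker may be able to run client-side script on behalf of the user. The script could spoof content, disclose information, or perform any action that the user could perform on the affected website. A successful attack requires that the Indexing Service be accessible through IIS.
|Exploit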
source: http://www.securityfocus.com/bid/19927/info

Microsoft Indexing Service is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input before it is rendered to other users. 

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user, in the context of the victim's session. This could allow the attacker to perform actions on behalf of the victim, such as spoofing content or hijacking their session.

Microsoft Indexing Service is not installed or enabled by default. Even if installed, it is not accessible from Internet Information Services (IIS). This vulnerability affects only systems that have IIS and Indexing Service installed and that have the Indexing Service configured to be accessible from IIS through a web-based interface.

http://www.example.com/+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-.htw?CiWebHitsFile=/iisstart.asp&CiRestriction=''
http://www.example.com/+ADw-SCRIPT+AD4-alert('XSS');+ADw-+AC8-SCRIPT+AD4-.ida

UTF-7("<") = +ADw-, +ADx-, +ADy-, +ADz-
UTF-7(">") = +AD4-, +AD5-, +AD6-, +AD7-
UTF-7("/") = +AC8-, +AC9-
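
The table above lists several UTF-7 spellings for each of `<`, `>` and `/`. The following Python sketch is an added example, not part of the original advisory: it decodes UTF-7 shift sequences in request URIs while ignoring leftover padding bits, which shows why the spellings are equivalent, and flags URIs that hide markup. The function names and the sample URIs are constructed for illustration.

```python
import re
from urllib.parse import unquote

B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
SHIFT_BLOCK = re.compile(r"\+([A-Za-z0-9+/]+)-?")  # UTF-7 shift sequence: +<base64>-

def decode_shift_block(b64):
    """Decode one UTF-7 base64 block into UTF-16 code units, dropping leftover bits.

    Three base64 characters carry 18 bits but one code unit needs 16, so a
    decoder that ignores the low 2 bits of the third character maps
    +ADw-, +ADx-, +ADy- and +ADz- all to "<".
    """
    bits = "".join(format(B64.index(c), "06b") for c in b64)
    return "".join(chr(int(bits[i:i + 16], 2)) for i in range(0, len(bits) - 15, 16))

def lenient_utf7(uri):
    """Return the URI as a client treating the echoed text as UTF-7 would read it."""
    def repl(m):
        # Blocks too short to hold a code unit (e.g. "a+b-c") are left untouched.
        return decode_shift_block(m.group(1)) or m.group(0)
    return SHIFT_BLOCK.sub(repl, unquote(uri))  # normalise percent-encoding first

def utf7_markup_blocks(uri):
    """List the shift sequences in a URI that decode to '<' or '>'."""
    return [m.group(0) for m in SHIFT_BLOCK.finditer(unquote(uri))
            if set(decode_shift_block(m.group(1))) & {"<", ">"}]

def flag_requests(uris):
    """Return (uri, decoded) pairs for request URIs carrying UTF-7 encoded markup."""
    return [(u, lenient_utf7(u)) for u in uris if utf7_markup_blocks(u)]

# Constructed request URIs (URI stem plus query, as they would appear in a web log).
# The first two reuse the strings and alternate encodings shown above.
SAMPLE_URIS = [
    "/+ADw-SCRIPT+AD4-alert('XSS');+ADw-/SCRIPT+AD4-.htw?CiWebHitsFile=/iisstart.asp",
    "/+ADx-SCRIPT+AD5-alert('XSS');+ADy-+AC9-SCRIPT+AD7-.ida",
    "/search.asp?q=c+programming",  # benign '+'
    "/docs/a+b-c.htm",              # benign '+'
]

if __name__ == "__main__":
    for uri, decoded in flag_requests(SAMPLE_URIS):
        print(f"UTF-7 markup: {uri}\n    reads as: {decoded}")
```

Python's built-in `utf-7` codec rejects non-zero padding bits, so it cannot be used to normalise the alternate spellings; that is why the block decodes the bits by hand.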
|Affected Products
Microsoft Windows XP Tablet PC Edition SP2
Microsoft Windows XP Tablet PC Edition SP1
Microsoft Windows XP Tablet PC Edition
Microsoft Windows XP Professional x64 Edition
Microsoft Wind
|References

Source: US-CERT
Name: TA06-255A
Link: http://www.us-cert.gov/cas/techalerts/TA06-255A.html
Source: US-CERT
Name: VU#108884
Link: http://www.kb.cert.org/vuls/id/108884
Source: BID
Name: 19927
Link: http://www.securityfocus.com/bid/19927
Source: MS
Name: MS06-053
Link: http://www.microsoft.com/technet/security/Bulletin/MS06-053.mspx
Source: VUPEN
Name: ADV-2006-3564
Link: http://www.frsirt.com/english/advisories/2006/3564
Source: SECUNIA
Name: 21861
Link: http://secunia.com/advisories/21861
Source: XF
Name: ms-indexing-service-xss(28651)
Link: http://xforce.iss.net/xforce/xfdb/28651
Source: BUGTRAQ
Name: 20061001 Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053]
Link: http://www.securityfocus.com/archive/1/archive/1/447511/100/0/threaded
Source: BUGTRAQ
Name: 20061002 IE UXSS (Universal XSS in IE, was Re: Microsoft Internet Information Services UTF-7 XSS Vulnerability [MS06-053])
Link: http://www.securityfocus.com/archive/1/archive/1/447509/100/0/threaded
Source: HP
Name: SSRT061187
Link: http://www.securityfocus.com/archive/1/archive/1/446630/100/100/threaded
Source: MISC
Link: http://www.geocities.j