Grayscale BandSite CMS Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1111099
Vulnerability type: Cross-site scripting
Published: 2006-09-21
Updated: 2006-09-27
CVE ID: CVE-2006-4985
CNNVD-ID: CNNVD-200609-433
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/28638
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-433
|Vulnerability details
Grayscale BandSite CMS contains multiple cross-site scripting vulnerabilities. Remote attackers can inject arbitrary web script or HTML via the max_file_size_purdy parameter in adminpanel/includes/helpfiles/help_mp3.php; the message_text parameter in adminpanel/includes/mailinglist/sendemail.php; the this_year parameter in includes/footer.php; the the_band parameter in adminpanel/includes/helpfiles/help_news.php, adminpanel/includes/helpfiles/help_merch.php, adminpanel/includes/header.php and adminpanel/login_header.php; and the includes/content/ files, including bio_content.php, gbook_content.php, interview_content.php, links_content.php, lyrics_content.php, member_content.php, merch_content.php, mp3_content.php, news_content.php, pastshows_content.php, photo_content.php, releases_content.php, reviews_content.php, shows_content.php and signgbook_content.php.
|Exploit
source: http://www.securityfocus.com/bid/20137/info
                     
Grayscale BandSite CMS is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data.
                     
These issues may allow an attacker to access sensitive information, execute arbitrary server-side script code in the context of the affected webserver, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This could help the attacker steal cookie-based authentication credentials; other attacks are possible.
                     
Version 1.1.0 is vulnerable; other versions may also be affected.

http://www.example.com/includes/footer.php?this_year=<script>alert(document.cookie);</script>
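
A log check for the scripts and parameters listed in the vulnerability details, added here as an example (it is not part of the original advisory or of BandSite CMS): it flags requests that send HTML metacharacters to those parameters. The log lines are constructed, and because the advisory names no parameter for the includes/content/ files, any parameter sent to them is checked.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script path -> parameter, as listed in the advisory for CVE-2006-4985.
AFFECTED = {
    "adminpanel/includes/helpfiles/help_mp3.php": "max_file_size_purdy",
    "adminpanel/includes/mailinglist/sendemail.php": "message_text",
    "includes/footer.php": "this_year",
    "adminpanel/includes/helpfiles/help_news.php": "the_band",
    "adminpanel/includes/helpfiles/help_merch.php": "the_band",
    "adminpanel/includes/header.php": "the_band",
    "adminpanel/login_header.php": "the_band",
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
MARKUP = re.compile(r"""[<>"']""")  # characters that break out of HTML text or attributes

def suspicious_params(target):
    """Return (path, parameter, decoded value) for advisory parameters carrying markup."""
    parts = urlsplit(target)
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if not MARKUP.search(value):
            continue
        # No parameter is named for includes/content/*_content.php, so report any.
        in_content = "/includes/content/" in parts.path and parts.path.endswith("_content.php")
        named = any(parts.path.endswith("/" + script) and name == param
                    for script, param in AFFECTED.items())
        if in_content or named:
            hits.append((parts.path, name, value))
    return hits

def scan(lines):
    """Collect findings from access-log lines in common/combined log format."""
    targets = (m.group(1) for m in map(REQUEST.search, lines) if m)
    return [hit for target in targets for hit in suspicious_params(target)]

# Constructed sample log lines (documentation IP ranges), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Sep/2006:10:01:02 +0000] "GET /includes/footer.php?this_year=%3Cscript%3Ealert(document.cookie)%3B%3C/script%3E HTTP/1.1" 200 412',
    '203.0.113.7 - - [21/Sep/2006:10:01:09 +0000] "GET /adminpanel/login_header.php?the_band=%3Cb%3Ex%3C/b%3E HTTP/1.1" 200 980',
    '192.0.2.10 - - [21/Sep/2006:10:02:30 +0000] "GET /includes/footer.php?this_year=2006 HTTP/1.1" 200 390',
    '192.0.2.10 - - [21/Sep/2006:10:02:31 +0000] "GET /index.php?the_band=%3Cb%3E HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for path, name, value in scan(SAMPLE_LOG):
        print(f"{path}  {name}={value!r}")
```

Only query-string parameters are inspected; values sent in POST bodies do not appear in a standard access log.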
|References

Source: BID
Name: 20137
Link: http://www.securityfocus.com/bid/20137
Source: BUGTRAQ
Name: 20060921 Grayscale BandSite CMS Multiple Input Validation Vulnerabilities
Link: http://www.securityfocus.com/archive/1/archive/1/446576/100/0/threaded
Source: SREASON
Name: 1634
Link: http://securityreason.com/securityalert/1634
Source: SECUNIA
Name: 21992
Link: http://secunia.com/advisories/21992