osCommerce Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID 1111188 Vulnerability type Cross-site scripting
Published 2006-10-04 Updated 2006-10-23
CVE ID CVE-2006-5190 CNNVD ID CNNVD-200610-114
Platform PHP CVSS score 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/28759
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200610-114
|Vulnerability details
Multiple cross-site scripting vulnerabilities in osCommerce 2.2 Milestone 2 Update 060817 allow remote attackers to inject arbitrary web script or HTML via (1) the page parameter in (a) banner_manager.php, (b) banner_statistics.php, (c) countries.php, (d) currencies.php, (e) languages.php, (f) manufacturers.php, (g) newsletters.php, (h) orders_status.php, (i) products_attributes.php, (j) products_expected.php, (k) reviews.php, (l) specials.php, (m) stats_products_purchased.php, (n) stats_products_viewed.php, (o) tax_classes.php, (p) tax_rates.php, or (q) zones.php under /admin, and (2) the zpage parameter in (r) admin/geo_zones.php.
|Vulnerability EXP
source: http://www.securityfocus.com/bid/20343/info

osCommerce is prone to multiple cross-site scripting vulnerabilities.

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/catalog/admin/zones.php?page=1[XSS-code]
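The reflected page parameter, shown as an added PHP example that is not osCommerce's own code: a hypothetical pagination helper with the unchecked echo of the query value beside a version that validates the integer and escapes output. The function names, the constructed request and the zones.php script name used in the links are assumptions.

```php
<?php
// Added illustration, not osCommerce's own code: a pagination helper in the
// style of the affected admin scripts, first with the bug class the advisory
// describes, then hardened. Function and parameter names are assumptions.

// Vulnerable: the raw "page" query value is reflected straight into HTML.
function vulnerable_page_nav(array $query, int $total_pages, string $script): string
{
    $page = isset($query['page']) ? $query['page'] : '1';   // no type check
    $html = '<p>Page ' . $page . ' of ' . $total_pages . '</p>';
    for ($i = 1; $i <= $total_pages; $i++) {
        $html .= '<a href="' . $script . '?page=' . $i . '">' . $i . '</a> ';
    }
    return $html;   // any markup inside "page" is emitted verbatim
}

// Hardened: treat "page" as the integer it is meant to be, clamp it to the
// valid range, and HTML-escape anything that is echoed regardless.
function safe_page_nav(array $query, int $total_pages, string $script): string
{
    $total_pages = max(1, $total_pages);
    $page = filter_var(
        $query['page'] ?? 1,
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => $total_pages, 'default' => 1]]
    );
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $html = '<p>Page ' . $page . ' of ' . $total_pages . '</p>';
    for ($i = 1; $i <= $total_pages; $i++) {
        $href = $esc($script . '?page=' . $i);
        $html .= '<a href="' . $href . '">' . $i . '</a> ';
    }
    return $html;
}

// Constructed request in the shape of the advisory's proof of concept:
// a page value that is not a number but carries HTML.
$request = ['page' => '1<b>not-a-page-number</b>'];

echo "vulnerable:\n", vulnerable_page_nav($request, 3, 'zones.php'), "\n\n";
echo "hardened:\n", safe_page_nav($request, 3, 'zones.php'), "\n";
// The hardened output reads "Page 1 of 3": the non-integer value is rejected
// and replaced by the default instead of being reflected into the page.
```

Run it with the PHP CLI (php example.php); the first block of output contains the injected tag, the second does not.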
|References

Source: XF
Name: oscommerce-page-xss(29355)
Link: http://xforce.iss.net/xforce/xfdb/29355
Source: BID
Name: 20343
Link: http://www.securityfocus.com/bid/20343
Source: VUPEN
Name: ADV-2006-3917
Link: http://www.frsirt.com/english/advisories/2006/3917
Source: SECTRACK
Name: 1016979
Link: http://securitytracker.com/id?1016979
Source: SECUNIA
Name: 22275
Link: http://secunia.com/advisories/22275
Source: MISC
Link: http://lostmon.blogspot.com/2006/10/oscommerce-multiple-scripts-page-param.html
Source: OSVDB
Name: 29811
Link: http://www.osvdb.org/29811
Source: OSVDB
Name: 29810
Link: http://www.osvdb.org/29810
Source: OSVDB
Name: 29809
Link: http://www.osvdb.org/29809
Source: OSVDB
Name: 29808
Link: http://www.osvdb.org/29808
Source: OSVDB
Name: 29807
Link: http://www.osvdb.org/29807
Source: OSVDB
Name: 29806
Link: http://www.osvdb.org/29806
Source: OSVDB
Name: 29805
Link: http://www.osvdb.org/29805
Source: OSVDB
Name: 29804
Link: http://www.osvdb.org/29804
Source: OSVDB
Name: 29803
Link: http://www.osvdb.org/29803
Source: OSVDB
Name: 29802
Link: http://www.osvdb.org/29802
Source: OSVDB
Name: 29801
Link: http://www.osvdb.org/29801
Source: OSVDB
Name: 29800
Link: http://www.osvdb.or