Spyce Sample Scripts Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1112244    Vulnerability type: Cross-site scripting
Published: 2007-02-19    Updated: 2008-09-05
CVE ID: CVE-2008-0980    CNNVD-ID: CNNVD-200802-465
Platform: PHP    CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/31268
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200802-465
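|Vulnerability details
Spyce - Python Server Pages (PSP) contains multiple cross-site scripting vulnerabilities. A remote attacker can inject arbitrary web script or HTML via:
(1) the url or type parameter to docs/examples/redirect.spy;
(2) the x parameter to docs/examples/handlervalidate.spy;
(3) the name parameter to spyce/examples/request.spy;
(4) the name parameter to spyce/examples/getpost.spy;
(5) the mytextarea parameter, the mypass parameter, or an empty parameter to spyce/examples/formtag.spy;
(6) the newline parameter to the default URI under demos/chat/;
(7) the text1 parameter to docs/examples/formintro.spy; or
(8) the mytext or mydate parameter to docs/examples/formtag.spy.
|Exploit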
source: http://www.securityfocus.com/bid/27898/info
   
Spyce is prone to multiple input-validation vulnerabilities that can lead to information disclosure or client-side script execution.
   
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. The attacker can also obtain a server's webroot path.
   
The issues affect Spyce 2.1.3; other versions may also be vulnerable. 

http://www.example.com/spyce/examples/getpost.spy?Name="/><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>
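The sample URL above starts its value with `"/>`, which closes a quoted attribute and its tag before the script element begins. The following is an added example, not Spyce's code and not part of the advisory: it reflects the `Name` value into a quoted `value` attribute, first unescaped and then through Python's `html.escape`. The form template and all function names are assumptions made for illustration.

```python
import html
from urllib.parse import urlsplit, parse_qs

# The request shown in the advisory, used here as sample input.
SAMPLE_URL = ("http://www.example.com/spyce/examples/getpost.spy"
              "?Name=\"/><SCRIPT>alert('Can%20Cross%20Site%20Attack')</SCRIPT>")

# Hypothetical form markup; the real getpost.spy template is not on the page.
TEMPLATE = '<form method="get"><input type="text" name="Name" value="{value}"></form>'


def query_param(url, key):
    """Return the first URL-decoded value of a query parameter, or ''."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(key, [""])
    return values[0]


def render_unescaped(value):
    """Vulnerable pattern: the request value is pasted straight into the markup."""
    return TEMPLATE.format(value=value)


def render_escaped(value):
    """Hardened pattern: encode &, <, >, " and ' before it enters the attribute."""
    return TEMPLATE.format(value=html.escape(value, quote=True))


def injects_element(rendered):
    """True if the output contains a script element the template never defined."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    name = query_param(SAMPLE_URL, "Name")
    for label, render in (("unescaped", render_unescaped),
                          ("escaped", render_escaped)):
        out = render(name)
        print(f"{label:9} script element present: {injects_element(out)}")
        print("   ", out)
```

With `quote=True` the leading double quote becomes `&quot;`, so the value stays inside the attribute; escaping only `<` and `>` would still let a value close the attribute early.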
|References

Source: BID
Name: 27898
Link: http://www.securityfocus.com/bid/27898
Source: BUGTRAQ
Name: 20080219 PR08-01: Several XSS, a cross-domain redirect and a webroot disclosure on Spyce - Python Server Pages (PSP)
Link: http://www.securityfocus.com/archive/1/archive/1/488336/100/0/threaded
Source: MISC
Link: http://www.procheckup.com/Vulnerability_PR08-01.php
Source: SREASON
Name: 3699
Link: http://securityreason.com/securityalert/3699