ToendaCMS search id Cross-Site Scripting Vulnerability

Vulnerability ID 1112690 Vulnerability type Cross-site scripting
Published 2007-04-12 Updated 2007-04-12
CVE ID CVE-2007-1872 CNNVD-ID CNNVD-200704-258
Platform PHP CVSS score 4.3
|Vulnerability sources
https://www.exploit-db.com/exploits/29849
https://www.securityfocus.com/bid/23453
https://cxsecurity.com/issue/WLB-2007040075
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200704-258
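|Vulnerability details
toendaCMS contains a cross-site scripting vulnerability. A remote attacker can inject arbitrary web script or HTML via the searchword parameter in a search id.
|Exploit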
source: http://www.securityfocus.com/bid/23453/info

ToendaCMS is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

This issue affects ToendaCMS 1.5.3; other versions may also be affected. 

<form action="http://toendainstallation/" method="post">
 <input type="hidden" name="searchword" value='"><script>alert(1)</script>'>
 <input type="hidden" name="id" value="search">
 <input type="submit"></form>
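
The remedy for the flaw described above is encoding the value at output time. The PHP below is an added example, not ToendaCMS code and not part of the original advisory: the function names are hypothetical, and it assumes `searchword` is echoed into a double-quoted `value` attribute. It renders the `searchword` value from the form above with and without encoding, then parses both results to see whether a script element was created.

```php
<?php
declare(strict_types=1);

// Added illustration: hypothetical rendering code, not ToendaCMS source.
// Assumption: the search term is echoed into a double-quoted value attribute.

// Vulnerable pattern: request data concatenated into markup unencoded.
function render_search_unsafe(string $searchword): string
{
    return '<input type="text" name="searchword" value="' . $searchword . '">';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// sequences instead of returning an empty string.
function render_search_safe(string $searchword): string
{
    $encoded = htmlspecialchars($searchword, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="searchword" value="' . $encoded . '">';
}

// Regression check: parse the rendered markup and report its structure.
function inspect_markup(string $html): array
{
    $previous = libxml_use_internal_errors(true);   // silence parser warnings
    $doc = new DOMDocument();
    $doc->loadHTML('<!DOCTYPE html><html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($previous);

    $input = $doc->getElementsByTagName('input')->item(0);
    return [
        'script_elements' => $doc->getElementsByTagName('script')->length,
        'value_attribute' => $input ? $input->getAttribute('value') : null,
    ];
}

// The searchword value from the advisory's proof-of-concept form.
$payload = '"><script>alert(1)</script>';
$unsafe = inspect_markup(render_search_unsafe($payload));
$safe   = inspect_markup(render_search_safe($payload));

// Unsafe: the quote closes the attribute and a script element appears.
assert($unsafe['script_elements'] === 1 && $unsafe['value_attribute'] === '');
// Safe: no new elements; the payload survives only as inert attribute text.
assert($safe['script_elements'] === 0 && $safe['value_attribute'] === $payload);

echo "unsafe: ", json_encode($unsafe), PHP_EOL;
echo "safe:   ", json_encode($safe), PHP_EOL;
```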
|Affected products
toendaCMS toendaCMS 1.5.3
|References

Source: BID
Name: 23453
Link: http://www.securityfocus.com/bid/23453
Source: BUGTRAQ
Name: 20070411 CVE-2007-1872: Cross site scripting in toendaCMS 1.5.3
Link: http://www.securityfocus.com/archive/1/archive/1/465487/100/0/threaded
Source: VUPEN
Name: ADV-2007-1372
Link: http://www.frsirt.com/english/advisories/2007/1372
Source: SECUNIA
Name: 24869
Link: http://secunia.com/advisories/24869
Source: OSVDB
Name: 34898
Link: http://osvdb.org/34898
Source: MISC
Link: http://int21.de/cve/CVE-2007-1872-toendacms.txt
Source: XF
Name: toendacms-search-xss(33622)
Link: http://xforce.iss.net/xforce/xfdb/33622
Source: SREASON
Name: 2568
Link: http://securityreason.com/securityalert/2568