Uebimiau Webmail 跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1113048 漏洞类型 跨站脚本
发布时间 2007-05-29 更新时间 2007-06-13
CVE编号 CVE-2007-3170 CNNVD-ID CNNVD-200706-154
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/30097
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200706-154
|漏洞详情
UebimiauWebmail中存在多个跨站脚本攻击漏洞。远程攻击者可以借助提交到redirect.php的(1)PATH_INFO或到demo/pop3/error.php的(2)selected_theme参数,注入任意的web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/24210/info

Uebimiau is prone to multiple input-validation vulnerabilities, including cross-site scripting issues and an information-disclosure issue, because the application fails to properly sanitize user-supplied input.

Attackers can exploit these issues to steal cookie-based authentication credentials, to control how the site is rendered to the user, or to gain access to information that could aid in further attacks.

Uebimiau 2.7.2 and 2.7.10 are vulnerable; other versions may also be affected. 

http://www.example.org/demo/pop3/error.php?selected_theme=%3Cscript%3Ealert(document.cookie)%3C/script%3E
|参考资料

来源:XF
名称:uebimiau-redirect-error-xss(34553)
链接:http://xforce.iss.net/xforce/xfdb/34553
来源:BID
名称:24210
链接:http://www.securityfocus.com/bid/24210
来源:OSVDB
名称:37464
链接:http://osvdb.org/37464
来源:OSVDB
名称:37463
链接:http://osvdb.org/37463
来源:FULLDISC
名称:20070528UebimiauWebmailMultipleVulnerabilities
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2007-May/063629.html