Moodle index.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1113233
Vulnerability type: Cross-site scripting
Published: 2007-07-02
Updated: 2008-12-30
CVE ID: CVE-2007-3555
CNNVD-ID: CNNVD-200707-060
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/30261
https://www.securityfocus.com/bid/24748
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200707-060
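|Vulnerability details
A cross-site scripting vulnerability exists in index.php in Moodle 1.7.1. Remote attackers can inject arbitrary web script or HTML via an expression in the search parameter. This vulnerability is different from CVE-2004-1424.
|Vulnerability EXP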
source: http://www.securityfocus.com/bid/24748/info

Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.

Exploiting this vulnerability may allow an attacker to perform cross-site scripting attacks on unsuspecting users in the context of the affected website. As a result, the attacker may be able to steal cookie-based authentication credentials and to launch other attacks.

This issue affects Moodle 1.7.1; other versions may also be vulnerable. 

http://www.example.com/user/index.php?contextid=4&roleid=0&id=2&group=&perpage=20&search=%22style=xss:expression(alert(document.cookie))%20
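
The leading `%22` in the sample URL closes a double-quoted HTML attribute, which is what lets the rest of the value become a new `style` attribute. The following is an added example, not Moodle's code: the function names and the `<input>` markup are assumptions, and it shows the unencoded output pattern beside attribute-context encoding with `htmlspecialchars`.

```php
<?php
// Added illustration, not Moodle source code. Function names and the
// <input> markup are assumptions made for this example.

// Vulnerable pattern: the request value is concatenated into a
// double-quoted attribute without output encoding.
function render_search_unsafe(string $search): string
{
    return '<input type="text" name="search" value="' . $search . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES encodes both " and ', so the value cannot close the attribute.
function render_search_safe(string $search): string
{
    $encoded = htmlspecialchars($search, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="search" value="' . $encoded . '" />';
}

// Regression check: the text inside value="..." must decode back to the
// full submitted string. If the input closed the attribute early, it will not.
function value_is_contained(string $html, string $search): bool
{
    if (!preg_match('/ value="([^"]*)"/', $html, $m)) {
        return false;
    }
    return html_entity_decode($m[1], ENT_QUOTES, 'UTF-8') === $search;
}

// The search value from the advisory's sample URL, URL-decoded.
$search = urldecode('%22style=xss:expression(alert(document.cookie))%20');

foreach (['render_search_unsafe', 'render_search_safe'] as $render) {
    $html = $render($search);
    echo $render, ': ', $html, "\n";
    echo '  value contained in attribute: ',
        var_export(value_is_contained($html, $search), true), "\n";
}
```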
|Affected products
Moodle moodle 1.7.1
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 mipsel
Debian Linux 4.0 mips
Debian Linux 4.
|References

Source: XF
Name: moodle-search-xss(35239)
Link: http://xforce.iss.net/xforce/xfdb/35239
Source: BUGTRAQ
Name: 20070703 Moodle XSS / Liesbeth base CMS sensitive information disclosure
Link: http://www.securityfocus.com/archive/1/archive/1/472727/100/0/threaded
Source: DEBIAN
Name: DSA-1691
Link: http://www.debian.org/security/2008/dsa-1691
Source: MISC
Link: http://websecurity.com.ua/1045/
Source: MISC
Link: http://securityvulns.ru/Rdocument391.html
Source: SECTRACK
Name: 1018333
Link: http://www.securitytracker.com/id?1018333
Source: BID
Name: 24748
Link: http://www.securityfocus.com/bid/24748
Source: OSVDB
Name: 36366
Link: http://www.osvdb.org/36366
Source: tracker.moodle.org
Link: http://tracker.moodle.org/secure/IssueNavigator.jspa?mode=hide&requestId=10252
Source: tracker.moodle.org
Link: http://tracker.moodle.org/browse/MDL-10341
Source: SREASON
Name: 2857
Link: http://securityreason.com/securityalert/2857
Source: SECUNIA
Name: 25929
Link: http://secunia.com/advisories/25929