Claroline 多文件跨站漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1115685 漏洞类型 跨站脚本
发布时间 2008-07-15 更新时间 2009-01-29
CVE编号 CVE-2008-3260 CNNVD-ID CNNVD-200807-364
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32069
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200807-364
|漏洞详情
Claroline是一套适用于传统教育培训的教学辅助平台。Claroline1.8.10以前版本存在跨站脚本攻击漏洞,远程攻击者通过(1)对document/rqmkhtml.php的一个rqMkHtml操作中的cwd参数,或对(2)announcements/announcements.php,(3)calendar/agenda.php,(4)course/index.php,(5)course_description/index.php,(6)document/document.php,(7)exercise/exercise.php,(8)group/group_space.php,(9)phpbb/newtopic.php,(10)phpbb/reply.php,(11)phpbb/viewtopic.php,(12)wiki/wiki.php,或(13)claroline/中的work/work.php查询字符串,以注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/30269/info
          
Claroline is prone to multiple input-validation vulnerabilities:
          
1. Multiple cross-site scripting vulnerabilities.
2. A remote URI-redirection vulnerability.
          
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site and redirect users to an attacker-controlled site; this may aid in phishing-style attacks.
          
Versions prior to Claroline 1.8.10 are vulnerable. 

http://www.example.com/claroline/wiki/wiki.php?"><script>alert('DSecRGXSS')</script>
|参考资料

来源:XF
名称:claroline-unknown-unspecified(43854)
链接:http://xforce.iss.net/xforce/xfdb/43854
来源:BID
名称:30269
链接:http://www.securityfocus.com/bid/30269
来源:BUGTRAQ
名称:20080718[DSECRG-08-030]Claroline1.8.9MultipleSecurityVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/494539/100/0/threaded
来源:wiki.claroline.net
链接:http://wiki.claroline.net/index.php/Changelog_1.8.x#Modification_between_claroline_1.8.9_and_1.8.10
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=613634
来源:SREASON
名称:4020
链接:http://securityreason.com/securityalert/4020
来源:SECUNIA
名称:31116
链接:http://secunia.com/advisories/31116