DHCart 多个跨站脚本攻击漏洞和HTML注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1116615 漏洞类型 跨站脚本
发布时间 2008-11-04 更新时间 2009-03-27
CVE编号 CVE-2008-6297 CNNVD-ID CNNVD-200902-592
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/32567
https://www.securityfocus.com/bid/32117
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-592
|漏洞详情
DHCart是一个基于PHP的应用程序,提供了一个简单易用的购买域名和主机服务的用户购物车。DHCart的order.php中存在跨站脚本攻击漏洞。远程攻击者可以借助(1)domain和(2)d1参数,注入任意web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/32117/info

DHCart is prone to multiple cross-site scripting and HTML-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

DHCart 3.84 is vulnerable; other versions may also be affected.

http://www.example.com/order.php?dhaction=check&submit_domain=Register&domain=%22%3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&ext1=on

http://www.example.com/order.php?dhaction=add&d1=lalalalasss%22%3E%3Cscript%3Ealert(1)%3C/script%3E&x1=.com&r1=0&h1=1&addtocart1=on&n=3
|受影响的产品
DHCart DHCart 3.84
|参考资料

来源:XF
名称:dhcart-order-xss(46339)
链接:http://xforce.iss.net/xforce/xfdb/46339
来源:BID
名称:32117
链接:http://www.securityfocus.com/bid/32117
来源:SECUNIA
名称:32555
链接:http://secunia.com/advisories/32555
来源:MISC
链接:http://lostmon.blogspot.com/2008/11/dhcart-multiple-variable-xss-and-stored.html