phplemon myweight user_addfood.php 日期参数跨站脚本攻击漏洞

漏洞ID	1118147	漏洞类型	跨站脚本
发布时间	2009-07-20	更新时间	2009-07-20
CVE编号	CVE-2009-3512	CNNVD-ID	CNNVD-200910-103
漏洞平台	PHP	CVSS评分	4.3

|漏洞来源

https://www.exploit-db.com/exploits/34741
https://www.securityfocus.com/bid/43488
https://cxsecurity.com/issue/WLB-2009100082
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200910-103

|漏洞详情

MyWeight1.0版本中存在多个跨站脚本攻击漏洞。远程攻击者可以借助提交到user_addfood.php的日期参数，到(2)user_forgot_pwd_form.php和(3)user_login.php的info参数，到user_login.php的返回参数，注入任意的web脚本或HTML。

|漏洞EXP

source: http://www.securityfocus.com/bid/43488/info
 
MyWeight is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data.
 
An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.
 
phplemon MyWeight 1.0 is vulnerable; others versions may be affected. 

http://www.example.com/user_forgot_pwd_form.php?info=1<script>alert(394944650346)</script>

|受影响的产品

phplemon MyWeight 1.0

|参考资料

来源:XF
名称:myweight-date-xss(51861)
链接:http://xforce.iss.net/xforce/xfdb/51861
来源:OSVDB
名称:55999
链接:http://www.osvdb.org/55999
来源:OSVDB
名称:55998
链接:http://www.osvdb.org/55998
来源:OSVDB
名称:55997
链接:http://www.osvdb.org/55997
来源:SECUNIA
名称:35919
链接:http://secunia.com/advisories/35919
来源:MISC
链接:http://packetstormsecurity.org/0907-exploits/myweight-xss.txt