ILIAS Services/Utilities/classes/class.ilUtil.php Cross-Site Scripting Vulnerability

Vulnerability ID: 1188555    Vulnerability Type: Cross-Site Scripting
Published: 2007-10-30    Updated: 2007-11-15
CVE ID: CVE-2007-5806    CNNVD ID: CNNVD-200711-074
Platform: N/A    CVSS Score: 4.3
|Vulnerability Sources
https://www.securityfocus.com/bid/26264
https://cxsecurity.com/issue/WLB-2007110014
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200711-074
|Vulnerability Details
A cross-site scripting vulnerability exists in Services/Utilities/classes/class.ilUtil.php in ILIAS 3.8.3 and earlier. Remote attackers can inject arbitrary web script or HTML via attributes placed inside a domain-name string in (1) the mailing or (2) the forum component, as demonstrated with the style and onmouseover HTML attributes.
|Exploit
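The defect described above is a context-escaping failure: a URL taken from a forum post or mail body is dropped into an HTML attribute without encoding, so a double quote inside the "domain" part closes the href and the rest of the string is parsed as new attributes. The PHP below is an added example written for this page; it is not ILIAS code and not the patched class.ilUtil.php. The function names, the regular expression and the sample post are assumptions constructed for illustration (PHP 7.4 or newer is assumed). It places a naive auto-linker next to a hardened one that escapes for attribute context and refuses to treat quote characters as part of a URL.

```php
<?php
// Added example (not ILIAS code): a naive URL auto-linker beside a hardened one.
// Function names, regex and the sample input are constructed for this example.

declare(strict_types=1);

// Vulnerable pattern: the matched URL is interpolated into an href attribute
// without encoding. A double quote inside the URL terminates the attribute and
// everything after it is parsed by the browser as further attributes.
function autolink_vulnerable(string $text): string
{
    return preg_replace_callback(
        '~https?://[^\s<]+~i',
        fn(array $m): string => '<a href="' . $m[0] . '">' . $m[0] . '</a>',
        $text
    );
}

// Hardened pattern:
//  1. quote characters are not accepted as part of a URL, so the match stops
//     at the first " or ' and the remainder stays ordinary text;
//  2. every fragment that reaches the output, whether inside href or in the
//     link body, goes through htmlspecialchars() with ENT_QUOTES, so a stray
//     " becomes &quot; and can no longer close the attribute;
//  3. only http/https schemes are linked, which also rules out javascript: hrefs.
function autolink_hardened(string $text): string
{
    $out = '';
    $offset = 0;
    if (preg_match_all('~https?://[^\s<"\']+~i', $text, $matches, PREG_OFFSET_CAPTURE)) {
        foreach ($matches[0] as [$url, $pos]) {
            // Text between the previous match and this URL, escaped as text.
            $out .= htmlspecialchars(substr($text, $offset, $pos - $offset), ENT_QUOTES, 'UTF-8');
            // The URL itself, escaped for attribute and text context.
            $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
            $out .= '<a href="' . $safe . '">' . $safe . '</a>';
            $offset = $pos + strlen($url);
        }
    }
    // Trailing text after the last URL.
    $out .= htmlspecialchars(substr($text, $offset), ENT_QUOTES, 'UTF-8');
    return $out;
}

// Constructed input modelled on the shape of the advisory's proof of concept.
$post = 'see http://www.ex"onmouseover="alert(1)"ample.com for details';

echo autolink_vulnerable($post), PHP_EOL;
echo autolink_hardened($post), PHP_EOL;
```

Running this prints two anchors. The first carries the injected onmouseover attribute verbatim inside the `<a>` tag, which is the bug class the advisory reports. The second links only `http://www.ex` and renders the rest as escaped text (`&quot;onmouseover=&quot;alert(1)&quot;ample.com ...`), so no attribute boundary is crossed. The general rule this illustrates is to encode for the output context at the point of emission rather than trying to filter "dangerous" input on the way in.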
======================================================================
ILIAS <= 3.8.3 Cross Site Scripting
======================================================================

Author:          L4teral <l4teral [4t] gmail com>
Impact:          Cross Site Scripting
Status:          patch available

------------------------------
Affected software description:
------------------------------

Application:     ILIAS
Version:         <= 3.8.3
Vendor:          http://www.ilias.de

Description:
ILIAS is a powerful web-based learning management system that allows
you to easily manage learning resources in an integrated system.

--------------
Vulnerability:
--------------

The mailing and forum components are vulnerable to cross site scripting.

------------
PoC/Exploit:
------------

create forum post/mail with:
http://www.ex"style="width:expression(alert('xss'))"ample.com

http://www.ex"onmouseover="javascript:alert('xss');"ample.com

---------
Solution:
---------

install security patch:
http://www.ilias.de/docu/goto.php?target=pg_16836_35&client_id=docu

---------
Timeline:
---------

17.10.2007 - vendor informed
25.10.2007 - vendor responded
29.10.2007 - vendor released patch
30.10.2007 - public disclosure
|Affected Products
ILIAS ILIAS 3.8.3
ILIAS ILIAS 3.8.2
ILIAS ILIAS 3.8.1
ILIAS ILIAS 3.8
|References

Source: BID
Name: 26264
Link: http://www.securityfocus.com/bid/26264
Source: www.ilias.de
Link: http://www.ilias.de/docu/goto.php?target=st_229_35&client_id=docu
Source: downloads.sourceforge.net
Link: http://downloads.sourceforge.net/ilias/ilias.3.8.3.security.patch.zip
Source: BUGTRAQ
Name: 20071030 ILIAS <= 3.8.3 Cross Site Scripting
Link: http://www.securityfocus.com/archive/1/archive/1/483011/100/0/threaded
Source: OSVDB
Name: 38328
Link: http://osvdb.org/38328
Source: XF
Name: ilias-mail-forum-xss(38171)
Link: http://xforce.iss.net/xforce/xfdb/38171
Source: SREASON
Name: 3340
Link: http://securityreason.com/securityalert/3340
Source: SECUNIA
Name: 27457
Link: http://secunia.com/advisories/27457