Sabros.US 'Index.PHP' Cross-Site Scripting Vulnerability

Vulnerability ID: 1192061    Vulnerability type: Cross-site scripting
Published: 2007-01-19    Updated: 2007-01-22
CVE ID: CVE-2007-0390    CNNVD ID: CNNVD-200701-317
Platform: N/A    CVSS score: 6.8
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007010085
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-317
|Vulnerability details
A cross-site scripting vulnerability exists in index.php of sabros.us 1.7. A remote attacker can inject arbitrary web script or HTML via the tag parameter, which is reflected into the page without being HTML-encoded.
|Vulnerability EXP
-=[--------------------ADVISORY-------------------]=-

                        sabros.us 1.7

  Author: CorryL    [corryl80 (at) gmail (dot) com [email concealed]]
-=[-----------------------------------------------]=-

-=[+] Application:    sabros.us 
-=[+] Version:        1.7
-=[+] Vendor's URL:   http://sourceforge.net/projects/sabrosus/
-=[+] Platform:       Windows / Linux / Unix
-=[+] Bug type:       Cross-Site Script
-=[+] Exploitation:   Remote
-=[-]
-=[+] Author:           CorryL  ~ corryl80[at]gmail[dot]com ~
-=[+] Reference:       www.x0n3-h4ck.org
-=[+] Virtual Office:  http://www.kasamba.com/CorryL
-=[+] Irc Chan:         irc.darksin.net #x0n3-h4ck

..::[ Description ]::..

sabros.us is a CMS to put your bookmarks online with folksonomy support;
just like del.icio.us, but the big difference is that you will have
complete control of the source code. Written in PHP with MySQL
as the backend, we make it cross platform.

..::[ Proof Of Concept ]::..

http://remote-server/index.php?tag=</title><script>alert(document.cookie)</script>
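For a defender's reference, the following is an added illustration, not the sabros.us source: a minimal index.php-style page showing the unsafe reflection pattern the PoC above targets (user input interpolated straight into `<title>`), beside a hardened version that HTML-encodes the tag parameter and validates its shape first. The helper names and the allow-list pattern for a tag are assumptions.

```php
<?php
// Added illustration (not sabros.us code): reflecting ?tag= into <title>.
// The PoC payload "</title><script>...</script>" works only because the raw
// value can close the title element; encoding the metacharacters prevents that.

// Vulnerable pattern, kept for contrast and never used for output below:
// "</title><script>alert(1)</script>" would terminate the title and run.
function render_title_unsafe(string $tag): string
{
    return "<title>Bookmarks tagged: {$tag}</title>";
}

// HTML-encode text before placing it in a document. htmlspecialchars turns
// < > & " ' into entities, so "</title>" becomes "&lt;/title&gt;" and is
// displayed as text rather than parsed as markup. ENT_QUOTES also makes the
// result safe inside quoted attribute values; ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function esc(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened pattern: same output shape, but the tag is encoded first.
function render_title_safe(string $tag): string
{
    return '<title>Bookmarks tagged: ' . esc($tag) . '</title>';
}

// Defence in depth: a folksonomy tag is a short label, so an allow-list on
// its shape (assumption: letters, digits, '-' and '_', at most 64 characters)
// rejects anything containing '<', '>' or quotes before it reaches a template.
function is_valid_tag(string $tag): bool
{
    return (bool) preg_match('/^[\p{L}\p{N}_-]{1,64}$/u', $tag);
}

$tag = $_GET['tag'] ?? '';
if (!is_valid_tag($tag)) {
    http_response_code(400);
    exit('invalid tag');
}

// Declaring the charset keeps the browser's interpretation aligned with the
// encoding htmlspecialchars assumed above.
header('Content-Type: text/html; charset=UTF-8');
echo '<!DOCTYPE html><html><head>', render_title_safe($tag), '</head><body>';
echo '<h1>Bookmarks tagged: ', esc($tag), '</h1></body></html>';
```

Output encoding is the fix that actually closes the bug; the allow-list only narrows what can reach the template and would not, on its own, protect other parameters.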
|References

BID 22115: http://www.securityfocus.com/bid/22115
BUGTRAQ 20070118 [x0n3-h4ck] sabros.us 1.7 XSS Exploit: http://www.securityfocus.com/archive/1/archive/1/457331/100/0/threaded
OSVDB 31602: http://osvdb.org/31602
XF sabros-index-xss (31600): http://xforce.iss.net/xforce/xfdb/31600
SREASON 2170: http://securityreason.com/securityalert/2170
SECUNIA 23824: http://secunia.com/advisories/23824
FULLDISC 20070118 [x0ne-h4ck] sabros.us 1.7 XSS Exploit: http://lists.grok.org.uk/pipermail/full-disclosure/2007-January/051868.html