phpComasy CMS index.php Multiple Cross-Site Scripting Vulnerabilities

Vulnerability ID: 1192911
Vulnerability type: Cross-site scripting
Published: 2006-11-09
Updated: 2007-01-10
CVE ID: CVE-2006-5827
CNNVD-ID: CNNVD-200611-174
Platform: N/A
CVSS score: 6.8
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006110046
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-174
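|Vulnerability details
Multiple cross-site scripting (XSS) vulnerabilities in index.php in phpComasy CMS allow remote attackers to inject arbitrary web script or HTML via the (1) username or (2) password parameter.
|Vulnerability EXP
[MajorSecurity Advisory #32] phpComasy CMS - Multiple Cross Site Scripting Issues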

Details
=======
Product: phpComasy CMS
Affected Version: <= 0.7.9 pre
Security-Risk: moderate
Remote-Exploit: yes
Vendor-URL: http://www.phpcomasy.org
Vendor-Status: informed
Advisory-Status: published

Credits
============
Discovered by: David Vieira-Kurz
http://www.majorsecurity.de

Original Advisory:
============
http://www.majorsecurity.de/index_2.php?major_rls=major_rls32

Introduction
============
phpComasy CMS is a Content Management System.

More Details
============
Cross Site Scripting:
Input passed directly to the "username" and "password" parameters in "index.php" is not properly sanitised before being returned to the user.
This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site.

Fix
===
Version 0.8

Solution
=============
Edit the source code to ensure that input is properly sanitised.
Use the PHP functions "htmlspecialchars()" or "htmlentities()" so that HTML tags in user input
are not executed. It is also recommended to turn off the "register_globals" option in
"php.ini" on your web server.

Example:
<?php
// Encode user-supplied values before they are returned to the browser
$pass = htmlentities($_POST['pass']);
$test = htmlspecialchars($_GET['test']);
?>
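
The output-encoding fix described in the Solution above, as an added example that is not part of the original advisory or of phpComasy's code: a hypothetical login form that redisplays the submitted username, first unencoded and then encoded at output time. The function names (`e`, `render_login_unsafe`, `render_login_safe`) and the sample input are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical login-form rendering, not phpComasy source.

// Encode for an HTML text or quoted-attribute context at output time.
// ENT_QUOTES also encodes single quotes (the default only since PHP 8.1).
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Vulnerable pattern: the request value is echoed back unencoded.
function render_login_unsafe(array $post): string
{
    $username = $post['username'] ?? '';
    return '<input type="text" name="username" value="' . $username . '">';
}

// Hardened pattern: encode on output, and never redisplay the password.
function render_login_safe(array $post): string
{
    $username = $post['username'] ?? '';
    if (!is_string($username)) {   // username[]=x arrives as an array
        $username = '';
    }
    return '<input type="text" name="username" value="' . e($username) . '">'
         . '<input type="password" name="password" value="">';
}

// Constructed sample input: a value that tries to close the attribute.
$post = ['username' => '"><b>injected</b>', 'password' => 'irrelevant'];

echo render_login_unsafe($post), PHP_EOL; // sample markup lands in the page
echo render_login_safe($post), PHP_EOL;   // sample stays inside value=""
```

Encoding where the value is written into HTML, rather than when it is read from the request, leaves the raw password unchanged for verification.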

History/Timeline
================
02.11.2006 discovery of the vulnerabilities
02.11.2006 additional tests with other versions
03.11.2006 contacted the vendor
04.11.2006 the vendor contacted me (response)
04.11.2006 vendor confirmed the bugs
05.11.2006 bugs have been fixed
06.11.2006 advisory is written
06.11.2006 advisory released

MajorSecurity
=======
MajorSecurity is a German penetration testing and security research project
which consists of only one person at the present time.
I am looking for a sponsor.
You can find more information on the MajorSecurity Project at
http://www.majorsecurity.de/
|References

Source: XF
Name: phpcomasy-index-xss(30053)
Link: http://xforce.iss.net/xforce/xfdb/30053
Source: BID
Name: 20938
Link: http://www.securityfocus.com/bid/20938
Source: BUGTRAQ
Name: 20061106 [MajorSecurity Advisory #32] phpComasy CMS - Multiple Cross Site Scripting Issues
Link: http://www.securityfocus.com/archive/1/450712
Source: MISC
Link: http://www.majorsecurity.de/index_2.php?major_rls=major_rls32
Source: SECUNIA
Name: 22760
Link: http://secunia.com/advisories/22760
Source: SREASON
Name: 1843
Link: http://securityreason.com/securityalert/1843