CloudNine Interactive CJ Tag Board 'tag.php'跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1193499 漏洞类型 跨站脚本
发布时间 2006-09-14 更新时间 2006-09-18
CVE编号 CVE-2006-4797 CNNVD-ID CNNVD-200609-249
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2006090108
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-249
|漏洞详情
CloudNineInteractiveCJTagBoard3.0的tag.php中存在跨站脚本攻击(XSS)漏洞,远程攻击者可以通过cjmsg参数的urlBBcode标记中的JavaScript事件注入任意Web脚本或HTML。
|漏洞EXP
New eVuln Advisory:
CJ Tag Board XSS Vulnerability
http://evuln.com/vulns/137/summary.html

--------------------Summary----------------
eVuln ID: EV0137
Vendor: CloudNine Interactive
Vendor's Web Site: http://www.cloudnineinteractive.co.uk/
Software: Tag Board
Sowtware's Web Site:
http://www.cloudnineinteractive.co.uk/stuffforyou.htm
Versions: 3.0
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Cross-Site Scripting.

Vulnerable Script: tag.php

Parameter cjmsg is not properly sanitized. This can be used to post
arbitrary HTML or web script code.

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/137/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
|参考资料

来源:BID
名称:20000
链接:http://www.securityfocus.com/bid/20000
来源:BUGTRAQ
名称:20060912[eVuln]CJTagBoardXSSVulnerability
链接:http://www.securityfocus.com/archive/1/archive/1/445913/100/0/threaded
来源:MISC
链接:http://evuln.com/vulns/137/summary.html
来源:XF
名称:tag-board-tag-xss(28501)
链接:http://xforce.iss.net/xforce/xfdb/28501
来源:SREASON
名称:1580
链接:http://securityreason.com/securityalert/1580