mojoscripts.com mojoGallery 'admin.cgi' Cross-Site Scripting (XSS) Vulnerability

Vulnerability ID: 1193823
Vulnerability type: Cross-site scripting
Published: 2006-08-14
Updated: 2006-08-15
CVE ID: CVE-2006-4104
CNNVD-ID: CNNVD-200608-240
Platform: N/A
CVSS score: 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006080083
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200608-240
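|Vulnerability details
A cross-site scripting (XSS) vulnerability exists in admin.cgi in mojoscripts.com mojoGallery. Remote attackers can inject arbitrary web script or HTML via the password input.
|Exploit (EXP)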
SOFTWARE:

=========

MojoScripts' mojoGallery All version

DESCRIPTION:

============

dork: "Powered by mojoGallery"

add to last path /admin.cgi , admin and password input <script>alert("lol")</script> or all html tags

=====================

mail: tugra (at) icqmail (dot) com [email concealed] , alp_eren (at) ayyildiz (dot) org [email concealed]

web: www.ayyildiz.org

special thanx to thehacker,iskorpitx,metlak,SPYMETA,AlpTrkTegin,shadow, and all AYT member and All Turks

=====================

Damn with Pkk, damn with terrorism
|References

Source: BID
Name: 19431
Link: http://www.securityfocus.com/bid/19431
Source: BUGTRAQ
Name: 20060806MojoScripts'xssvulnerable
Link: http://www.securityfocus.com/archive/1/442596
Source: VUPEN
Name: ADV-2006-3220
Link: http://www.frsirt.com/english/advisories/2006/3220
Source: SECUNIA
Name: 21438
Link: http://secunia.com/advisories/21438
Source: XF
Name: mojogallery-admin-xss(28293)
Link: http://xforce.iss.net/xforce/xfdb/28293
Source: SREASON
Name: 1374
Link: http://securityreason.com/securityalert/1374