Two Shoes M-Factory (TSMF) SimpleBoard Stable 多个跨站脚本攻击(XSS)漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1194689 漏洞类型 跨站脚本
发布时间 2006-06-05 更新时间 2006-06-08
CVE编号 CVE-2006-2815 CNNVD-ID CNNVD-200606-104
漏洞平台 N/A CVSS评分 6.8
|漏洞来源
https://cxsecurity.com/issue/WLB-2006060036
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200606-104
|漏洞详情
TwoShoesM-Factory(TSMF)SimpleBoard1.1.0Stable(com_simpleboard)存在多个跨站脚本攻击(XSS)漏洞,用于Mambo和Joomla!中时,远程攻击者可通过(1)Frontend中的"postnetopic"中的名字字段,(2)后台管理面板中的Simpleboard配置中的标题(Community-Title)字段和后台管理面板中Simpleboard管理中的(3)名字(Forum-Title)和(4)名字(Category-Title)字段,来注入任意Web脚本或HTML。注意:一些来源称sb_authorname参数受影响,但不清楚哪个字段与其有关。
|漏洞EXP
Joomla/Mambo CMS Component SimpleBoard 1.1.0 Stable XSS-Vulnerabilities
=======================================================================

Release Date
------------
June 01, 2006

Vendor
-------
Two Shoes Mambo Factory
http://www.tsmf.net/

Version
-------
SimpleBoard 1.1.0 Stable (com_simpleboard) under Joomla CMS 1.0.8

Details
-------
Frontend (Public):
<forum_link> / <forum_title> / "post ne topic" / Name -> [XSS]

If the module "mod_simpleboard5" wich shows the latest posts (also  
Username) is installed and aktivated for the frontpage (home), make  
<script>history.back();</script> and no one can join the page again!

Backend (Admin Panel):
Components /Simpleboard Forum / Simpleboard Configuration / Basics ->  
Title [XSS] (Community-Title)

Components /Simpleboard Forum / Simpleboard Administration / New ->  
Name [XSS] (Forum-Title)

Components /Simpleboard Forum / Simpleboard Administration / New ->  
Name [XSS] (Category-Title <- Choose "Top Level Category")

XSS example: <script>alert("XSS");</script>

Discovered by:
Yannick von Arx
yannick[dot]vonarx[at]yanux[dot]ch
|参考资料

来源:BID
名称:18251
链接:http://www.securityfocus.com/bid/18251
来源:BUGTRAQ
名称:20060601Joomla/MamboCMSComponentSimpleBoard1.1XSS-Vulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/435615/100/0/threaded
来源:VUPEN
名称:ADV-2006-2111
链接:http://www.frsirt.com/english/advisories/2006/2111
来源:SECUNIA
名称:20409
链接:http://secunia.com/advisories/20409
来源:FULLDISC
名称:20060601Joomla/MamboCMSComponentSimpleBoard1.1XSS-Vulnerabilities
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046484.html
来源:XF
名称:simpleboard-multiple-xss(27021)
链接:http://xforce.iss.net/xforce/xfdb/27021
来源:SREASON
名称:1030
链接:http://securityreason.com/securityalert/1030