SloughFlash SF-Users 跨站脚本攻击(XSS)漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195116 漏洞类型 跨站脚本
发布时间 2006-05-04 更新时间 2006-05-04
CVE编号 CVE-2006-2167 CNNVD-ID CNNVD-200605-082
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2006050028
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200605-082
|漏洞详情
SloughFlashSF-Users1.0当中存在跨站脚本攻击(XSS)漏洞,可能在register.php内。远程攻击者可以通过设置username字段,在IMG元素的SRC属性中包含JavaScript,从而注入任意Web脚本或HTML。
|漏洞EXP
SF-Users V1.0 XSS injection

Discovered by: Nomenumbra

Date: 5/2/2006

impact:moderate (privilege escalation,possible defacement)

The username with which you sign up isn't properly sanitized so it's possible to

insert some javascript there.

The single quote is filtered so we'll have to use ' or %27. A username like this:

<IMG SRC=javascript:alert(%27!%27)> would be displayed on the user page as XSS, the rest is left to

your fantasy.

Nomenumbra/[0x4F4C]
|参考资料

来源:BID
名称:17783
链接:http://www.securityfocus.com/bid/17783
来源:BUGTRAQ
名称:20060502SF-UsersV1.0XSSinjection
链接:http://www.securityfocus.com/archive/1/archive/1/432727/100/0/threaded
来源:VUPEN
名称:ADV-2006-1637
链接:http://www.frsirt.com/english/advisories/2006/1637
来源:SECUNIA
名称:19932
链接:http://secunia.com/advisories/19932
来源:XF
名称:sfusers-register-xss(26215)
链接:http://xforce.iss.net/xforce/xfdb/26215
来源:SREASON
名称:831
链接:http://securityreason.com/securityalert/831