Ralph Capper Tiny PHP Forum 多个跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195286 漏洞类型 跨站脚本
发布时间 2006-04-20 更新时间 2006-04-24
CVE编号 CVE-2006-1898 CNNVD-ID CNNVD-200604-369
漏洞平台 N/A CVSS评分 2.6
|漏洞来源
https://cxsecurity.com/issue/WLB-2006040095
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-369
|漏洞详情
RalphCapperTinyPHPForum(TPF)3.6存在多个跨站脚本攻击漏洞。这使得远程攻击者可以借助于(1)profile.php中的查看动作中的uname参数和(2)登陆名注入任意Web脚本或HTML。
|漏洞EXP
~ Summery :
------------------------------
Name          : Tiny PHP forum v3.6
Software      : http://sourceforge.net/projects/tinyphpforum/
Discovered by : Hessam-x (Hessam M.Salehi) - www.hessamx.net

~ Vulnerabilities :
------------------------------
I. Cross-site Scripting
 A.Input code to the "uname" in profile.php
profile.php?action=view&uname=<script>alert("Xss")</script>
 B.input code in login name and login , in erorr page you can see xss code!

II. Access to hash password
This use very bad method for save hash password.
user's password save in a file,for example admin's password
saved in this file :
http://localhost/tpforum/users/admin.hash

Iran Hackerz Security Team , 2006-04-16
|参考资料

来源:BUGTRAQ
名称:20060417TinyPHPforum-vulns
链接:http://www.securityfocus.com/archive/1/archive/1/431133/100/0/threaded
来源:XF
名称:tinyphpforum-profile-error-xss(25856)
链接:http://xforce.iss.net/xforce/xfdb/25856
来源:BID
名称:17553
链接:http://www.securityfocus.com/bid/17553
来源:SREASON
名称:773
链接:http://securityreason.com/securityalert/773
来源:SREASON
名称:728
链接:http://securityreason.com/securityalert/728