aWebNews visview.php 多个跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195514 漏洞类型 跨站脚本
发布时间 2006-04-04 更新时间 2006-04-04
CVE编号 CVE-2006-1612 CNNVD-ID CNNVD-200604-043
漏洞平台 N/A CVSS评分 5.1
|漏洞来源
https://cxsecurity.com/issue/WLB-2006040039
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200604-043
|漏洞详情
aWebNews1.0的visview.php存在跨站脚本攻击(XSS)漏洞,远程攻击者可以通过(1)yname,(2)emailadd,(3)subject和(4)comment参数注入任意Web脚本或HTML。
|漏洞EXP
New eVuln Advisory:
aWebNews Multiple XSS and SQL Injection Vulnerabilities
http://evuln.com/vulns/116/summary.html

--------------------Summary----------------
eVuln ID: EV0116
CVE: CVE-2006-1612 CVE-2006-1613
Software: aWebNews
Sowtware's Web Site: http://labs.aweb.com.au/awebnews.php
Versions: 1.0
Critical Level: Moderate
Type: Multiple Vulnerabilities
Class: Remote
Status: Unpatched. Developer(s) contacted.
PoC/Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
1. Multiple Cross-Site Scripting Vulnerabilities.

Vulnerable Script: visview.php

Parameters yname, emailadd, subject, comment are not properly sanitized. This can be used to post arbitrary HTML or web script code.

2. Multiple SQL Injections.

Vulnerable scripts:
login.php
fpass.php
visview.php

Variables $user123(login.php), $user123(fpass.php), $_GET['cid'](visview.php) are not properly sanitized before being used in SQL queries. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

--------------PoC/Exploit----------------------
Available at: http://evuln.com/vulns/116/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
.
|参考资料

来源:VUPEN
名称:ADV-2006-1196
链接:http://www.frsirt.com/english/advisories/2006/1196
来源:SECUNIA
名称:19487
链接:http://secunia.com/advisories/19487
来源:MISC
链接:http://evuln.com/vulns/116/summary.html
来源:XF
名称:awebnews-visview-xss(25589)
链接:http://xforce.iss.net/xforce/xfdb/25589
来源:BUGTRAQ
名称:20060414[eVuln]aWebNewsMultipleXSSandSQLInjectionVulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/431007/100/0/threaded
来源:OSVDB
名称:24333
链接:http://www.osvdb.org/24333
来源:SREASON
名称:707
链接:http://securityreason.com/securityalert/707