PHPAdsNew和PHPPGAds多个跨站脚本攻击漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1195596 漏洞类型 跨站脚本
发布时间 2006-03-28 更新时间 2006-03-28
CVE编号 CVE-2006-1397 CNNVD-ID CNNVD-200603-461
漏洞平台 N/A CVSS评分 4.3
|漏洞来源
https://cxsecurity.com/issue/WLB-2006030119
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-461
|漏洞详情
在(a)phpAdsNew和(b)phpPgAds2.0.8之前版本中存在多个跨站脚本攻击(XSS)漏洞,远程攻击者可通过以下途径注入任意Web脚本或HTML:(1)用于标志发送模块的某些参数,它们在管理接口中得不到妥善处理,或(2)用于login表中的某些参数。
|漏洞EXP
========================================================================

phpAdsNew / phpPgAds security advisory             PHPADSNEW-SA-2006-001
------------------------------------------------------------------------

Advisory ID:           PHPADSNEW-SA-2006-001
Date:                  2006-Mar-27
Security risk:         medium risk
Applications affetced: phpAdsNew, phpPgAds
Versions affected:     <= 2.0.7
Versions not affected: >= 2.0.8
========================================================================

========================================================================

Vulnerability 1:  HTML injection / Cross-site scripting
========================================================================

Description
-----------
Some scripts inside the admin interface were displaying parameters 
collected by the delivery scripts without proper sanitizing or escaping. 
The delivery scripts have public access, while the admin interface is 
restricted to logged in users. An attacker could inject HTML/XSS code 
which could be displayed/executed in a later time inside the admin 
interface.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.8.

========================================================================

Vulnerability 2:  HTML injection / Cross-site scripting
========================================================================

Description
-----------
The login form was sending back to the browser the unmodified query 
string, making possible for an attacker to inject HTML/XSS code by using 
a specifically crafted URL.

Solution
--------
- Upgrade to phpAdsNew or phpPgAds 2.0.8.

Contact informations
====================

The security contact for phpAdsNew and phpPgAds can be reached at:
<security AT phpadsnew DOT com>

Best regards
--
Matteo Beccati
http://phpadsnew.com
http://phppgads.com
|参考资料

来源:BID
名称:17251
链接:http://www.securityfocus.com/bid/17251
来源:BUGTRAQ
名称:20060327[PHPADSNEW-SA-2006-001]phpAdsNewandphpPgAds2.0.8fixmultiplevulnerabilities
链接:http://www.securityfocus.com/archive/1/archive/1/428898/100/0/threaded
来源:VUPEN
名称:ADV-2006-1107
链接:http://www.frsirt.com/english/advisories/2006/1107
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=404964
来源:sourceforge.net
链接:http://sourceforge.net/project/shownotes.php?release_id=404963
来源:SECTRACK
名称:1015829
链接:http://securitytracker.com/id?1015829
来源:SECTRACK
名称:1015828
链接:http://securitytracker.com/id?1015828
来源:SECUNIA
名称:19384
链接:http://secunia.com/advisories/19384
来源:phpadsnew.com
链接:http://phpadsnew.com/two/nucleus/index.php?itemid=46
来源:XF
名称:phpadsnew-login-banner-xss(25458)
链接:http://xforce.iss.net/xforce/xfdb/25458
来源:OSVDB
名称:24206
链接:http://www.osvdb.org/24206
来源:OSVDB
名称:24205
链接:http://www.osvdb.org/24205
来源:SREASON
名称:633
链接:http://securityreason.com/securityalert/633