PHP Event Calendar Cross-Site Scripting Vulnerability

Vulnerability ID: 1196097 | Vulnerability type: Cross-site scripting
Published: 2006-02-13 | Updated: 2006-02-13
CVE: CVE-2006-0657 | CNNVD ID: CNNVD-200602-151
Platform: N/A | CVSS score: 3.5
|Source
https://cxsecurity.com/issue/WLB-2006020048
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200602-151
|Details
Softcomplex PHP Event Calendar 1.5 contains a cross-site scripting (XSS) vulnerability. A remote authenticated user can inject arbitrary web script or HTML, as well as malformed data, via the (1) username and (2) password parameters, which are not sanitized before being written to user.php. Note: the issue was originally reported as XSS, but the primary problem is probably direct static code injection, which in turn results in XSS.
|Exploit
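The write-then-include pattern the description refers to, shown as an added example that is not PHP Event Calendar's own code: the unsafe string interpolation into a PHP data file beside a hardened version that validates the username, serialises the record with var_export(), and HTML-escapes on output (all function names and the temporary file path are assumptions).

```php
<?php
// Added example (not PHP Event Calendar's code). Function names are assumptions.

// Unsafe pattern: user-controlled values are interpolated straight into PHP
// source that is written to a data file the application later include()s.
// A single quote in $username breaks the literal (data corruption), and any
// HTML in it is later rendered unchanged (XSS).
function write_users_unsafe(string $path, string $username, string $password): void
{
    $line = "<?php\n\$users['" . $username . "'] = '" . $password . "';\n";
    file_put_contents($path, $line);
}

// Hardened: allowlist the username, store only a password hash, and let
// var_export() emit correctly quoted PHP literals so no input can escape them.
function write_users_safe(string $path, string $username, string $password): void
{
    if (!preg_match('/^[A-Za-z0-9_.-]{1,32}$/', $username)) {
        throw new InvalidArgumentException('username contains disallowed characters');
    }
    $record = [$username => password_hash($password, PASSWORD_DEFAULT)];
    $src = "<?php\nreturn " . var_export($record, true) . ";\n";
    // Write to a temp file and rename so a concurrent reader never
    // include()s a half-written file.
    $tmp = $path . '.tmp';
    file_put_contents($tmp, $src, LOCK_EX);
    rename($tmp, $path);
}

// Output side: whatever reaches an HTML page must be escaped, regardless of
// what storage-side validation did.
function render_username(string $username): string
{
    return htmlspecialchars($username, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample input: an apostrophe is enough to corrupt the unsafe file.
$path = sys_get_temp_dir() . '/users_demo.php';
write_users_unsafe($path, "O'Brien", 'pw');
echo file_get_contents($path); // the generated PHP now has an unbalanced quote

write_users_safe($path, 'obrien', 'pw');
$users = include $path;        // a well-formed array whatever the input was
var_dump(isset($users['obrien']) && password_verify('pw', $users['obrien']));
echo render_username('<b>obrien</b>'), "\n";
```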
New eVuln Advisory:
PHP Event Calendar XSS & User's Data Corruption Vulnerabilities
http://evuln.com/vulns/63/summary.html

--------------------Summary----------------
eVuln ID: EV0063
CVE: CVE-2006-0657
Vendor: Softcomplex
Vendor's Web Site: http://www.softcomplex.com/
Software: PHP Event Calendar
Software's Web Site: http://www.softcomplex.com/products/php_event_calendar/
Versions: 1.5
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. No reply from developer(s)
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
A registered user has the ability to change his Username and Password.
Username and Password aren't sanitized before being written to the users.php file. This can be used to make an XSS attack or corrupt users' data.

--------------Exploit----------------------
Available at: http://evuln.com/vulns/63/exploit.html

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Regards,
Aliaksandr Hartsuyeu
http://evuln.com
|References

Source: SECUNIA
Name: 18792
Link: http://secunia.com/advisories/18792
Source: MISC
Link: http://evuln.com/vulns/63/summary.html
Source: XF
Name: phpeventcalendar-users-xss(24523)
Link: http://xforce.iss.net/xforce/xfdb/24523
Source: BID
Name: 16588
Link: http://www.securityfocus.com/bid/16588
Source: OSVDB
Name: 23072
Link: http://www.osvdb.org/23072
Source: OSVDB
Name: 23071
Link: http://www.osvdb.org/23071
Source: VUPEN
Name: ADV-2006-0507
Link: http://www.frsirt.com/english/advisories/2006/0507
Source: SREASON
Name: 442
Link: http://securityreason.com/securityalert/442