- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 12323
- Проверка EDB
-
- Пройдено
- Автор
- ITSECTEAM
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2010-1712
- Дата публикации
- 2010-04-21
Код:
#####################################################################################
#Title: WB News (Webmobo) 2.3.3 Stored XSS #
#Vendor: http://www.webmobo.org/ #
#####################################################################################
#AUTHOR: ITSecTeam #
#Email: [email protected] #
#Website: http://www.itsecteam.com #
#Forum : http://forum.ITSecTeam.com #
#Original Advisory: www.ITSecTeam.com/en/vulnerabilities/vulnerability44.htm #
#Thanks: r3dm0v3 [r3dm0v3_at_ymail.com], Pejvak, am!rkh@n #
#####################################################################################
#DESCRIPTION (by vendor):############################################################
WB News is a PHP news management system which requires MySQL/PostgreSQL database.
The system is meant for quick and easy build to integrate news into an existing
site or used as a framework with many systems such as Authentication, Template Engine,
Database Abstration and more.
#BUG:################################################################################
file /base/Comments.php:
85: foreach ( $comments as $comment )
86: {
87: $rows[] = array(
88: "message" => nl2br( textWrap( htmlspecialchars( filter( $comment["message"] ) ) ) ),
89: "name" => NULL != $comment["postname"] ? $comment["postname"] : $comment["name"], //<---vulnerable line
90: "date" => tz_date( Configuration::getInstance()->getOption("dateFormat"), $comment["timeposted"] )
91: );
92: }
file /templates/default/list-comments.ihtml:
17: <td><strong><?php echo __("Posted By") ?>:</strong> <?php echo $r["name"] ?> On: <?php echo $r["date"] ?></td>
Comment sender's name is not filtered and is sent to browser!
#EXPLOIT:############################################################################
goto comments and post any script as comment sender's name!- Источник
- www.exploit-db.com
