CVE-2004-1827
CVSS 4.3
Published: 2004-03-15 00:00:00
Last revised: 2016-10-17 23:01:10

[Original] Cross-site scripting (XSS) vulnerability in YaBB 1 Gold (SP1.3) and YaBB SE 1.5.1 Final allows remote attackers to inject arbitrary web script via the background:url property in (1) glow or (2) shadow tags.


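[CNNVD] YaBB SE multiple cross-site scripting vulnerabilities (CNNVD-200403-063)

        YaBB SE is a PHP/MySQL-based forum application.
        YaBB SE does not correctly filter the [glow] and [shadow] tags, so a remote attacker can exploit this vulnerability to carry out cross-site scripting attacks, leading to disclosure of sensitive information.
        When malicious script code is placed in a [glow] or [shadow] tag, it runs in the browser of any visitor who reads a page containing it, without the visitor having to open anything, and can disclose the target user's sensitive information.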
        

- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:yabb:yabb:1_gold_-_sp_1.3
cpe:/a:yabb:yabb:1.5.1::second_edition
cpe:/a:simple_machines:simple_machines_smf:1.0_b

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1827
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1827
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200403-063
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=107936800226430&w=2
(UNKNOWN)  BUGTRAQ  20040314 YaBB/YaBBse Cross Site Scripting Vulnerability
http://marc.info/?l=bugtraq&m=107948064923981&w=2
(UNKNOWN)  BUGTRAQ  20040316 RE: YaBB/YaBBse Cross Site Scripting Vulnerability
http://securitytracker.com/id?1009427
(UNKNOWN)  SECTRACK  1009427
http://www.securityfocus.com/bid/9873
(VENDOR_ADVISORY)  BID  9873
http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233
(UNKNOWN)  CONFIRM  http://www.yabbforum.com/community/YaBB.pl?board=general;action=display;num=1093133233
http://xforce.iss.net/xforce/xfdb/15488
(VENDOR_ADVISORY)  XF  yabb-glow-shadow-xss(15488)

- Vulnerability information

YaBB SE multiple cross-site scripting vulnerabilities
Medium severity  Input validation
2004-03-15 00:00:00 2006-08-24 00:00:00
Remote
        
        

- Advisories and patches

        Temporary workaround:
        If you cannot install a patch or upgrade immediately, CNNVD recommends the following measures to reduce the threat:
        * frog-m@n provides the following third-party patch:
        Use
        -----------------------------------------------------------------------------------
        '/\[glow=([[:alpha:]]+?),(.+?),(.+?)\](.+?)\[\/glow\]/eis',
        '/\[shadow=([[:alpha:]]+?),(.+?)\](.+?)\[\/shadow\]/eis',
        -----------------------------------------------------------------------------------
        in place of
        -----------------------------------------------------------------------------------
        '/\[glow=(.+?),(.+?),(.+?)\](.+?)\[\/glow\]/eis',
        '/\[shadow=(.+?),(.+?)\](.+?)\[\/shadow\]/eis',
        -----------------------------------------------------------------------------------
        Use
        -----------------------------------------------------------------------------------
        "'
        style=\"filter:Glow(color=\\1, strength=' . intval( ('\\2' < 255 ? '\\2' :
        '255') ) . ');\">' . \"\\4\" . '
'",
        -----------------------------------------------------------------------------------
        in place of
        -----------------------------------------------------------------------------------
        "'
        style=\"filter:Glow(color=\\1, strength=' . ('\\2' < 255 ? '\\2' : '255') .
        ');\">' . \"\\4\" . '
'",
        -----------------------------------------------------------------------------------
        Vendor patch:
        YaBB
        ----
        Users must upgrade to SMF 1.0 Public Beta 4. Because YaBB SE is no longer supported, the vendor will not provide a patch for it:

        http://www.simplemachines.org/download.php
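
The effect of the two parts of the third-party patch above, as an added example (not code from YaBB, SMF or the patch author). The patterns are ported from PHP to Python with `[[:alpha:]]` written as `[A-Za-z]`, and `php_intval`, `strength`, `glow_style` and `shadow_matches` are hypothetical helpers that model PHP 4/5 string-to-integer coercion; the inputs are the proof-of-concept strings quoted in this entry.

```python
import re

# Patterns from the third-party patch, ported from PHP PCRE to Python `re`
# (assumption of this example): /is becomes IGNORECASE|DOTALL, the /e eval
# flag is dropped, and [[:alpha:]] is written as [A-Za-z].
FLAGS = re.IGNORECASE | re.DOTALL
GLOW_OLD = re.compile(r"\[glow=(.+?),(.+?),(.+?)\](.+?)\[/glow\]", FLAGS)
GLOW_NEW = re.compile(r"\[glow=([A-Za-z]+?),(.+?),(.+?)\](.+?)\[/glow\]", FLAGS)
SHADOW_OLD = re.compile(r"\[shadow=(.+?),(.+?)\](.+?)\[/shadow\]", FLAGS)
SHADOW_NEW = re.compile(r"\[shadow=([A-Za-z]+?),(.+?)\](.+?)\[/shadow\]", FLAGS)

# Proof-of-concept strings quoted in this entry (the last keeps its [SCRIPT] placeholder).
POC_GLOW = ("[glow=red);background:url(javascript:alert(document.cookie));"
            "filter:glow(color=red,2,300]Big Exploit[/glow]")
POC_SHADOW = ("[shadow=red);background:url(javascript:alert(document.cookie));"
              "filter:shadow(color=red,left,300]Big Exploit[/shadow]")
POC_STRENGTH = "[glow=red,2);background:url(javascript:[SCRIPT],300]text[/glow]"


def php_intval(value):
    """Approximate PHP intval() on a string: leading integer, else 0."""
    m = re.match(r"\s*([+-]?\d+)", value)
    return int(m.group(1)) if m else 0


def strength(raw, patched):
    """Model ('\\2' < 255 ? '\\2' : '255'), wrapped in intval() when patched."""
    chosen = raw if php_intval(raw) < 255 else "255"
    return str(php_intval(chosen)) if patched else chosen


def glow_style(text, patched):
    """Return the style fragment the glow rule would emit, or None if no match."""
    m = (GLOW_NEW if patched else GLOW_OLD).search(text)
    if not m:
        return None
    return "filter:Glow(color=%s, strength=%s);" % (m.group(1), strength(m.group(2), patched))


def shadow_matches(text, patched):
    """True if the shadow rule would rewrite this text."""
    return bool((SHADOW_NEW if patched else SHADOW_OLD).search(text))


if __name__ == "__main__":
    for poc in (POC_GLOW, POC_STRENGTH):
        print(glow_style(poc, patched=False), "->", glow_style(poc, patched=True))
    print(shadow_matches(POC_SHADOW, False), "->", shadow_matches(POC_SHADOW, True))
```

The third string still matches the patched glow pattern because its colour field is purely alphabetic; it is the intval() wrapper that reduces the strength field to 2.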

- Vulnerability information (23812)

YABB SE 1.5.1 Multiple Cross-Site Scripting Vulnerabilities (EDBID:23812)
php webapps
2004-03-15 Verified
0 Cheng Peng Su
N/A
source: http://www.securityfocus.com/bid/9873/info

It has been reported that YaBB and YaBB SE are prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure of the applications to properly validate URI supplied user input.

Attackers may exploit this vulnerability to steal authentication credentials. Other attacks may also be possible.

[glow=red);background:url(javascript:alert(document.cookie));filter:glow(color=red,2,300]Big Exploit[/glow]

[shadow=red);background:url(javascript:alert(document.cookie));filter:shadow(color=red,left,300]Big Exploit[/shadow]

The following proof of concept has been supplied by frog-m@n:
[glow=red,2);background:url(javascript:[SCRIPT],300]text[/glow]		

- Vulnerability information

4283
YaBB background:url glow / shadow Tag XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public Vendor Verified

- Vulnerability description

YaBB and Simple Machines SMF contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the "glow" or "shadow" formatting tags. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2004-02-29 2004-01-01
2004-02-29 Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vulnerability reporter (Frog Man) has released a patch to address this vulnerability.

- Related references

- Vulnerability author

 

 
