CVE-2004-1996
CVSS 4.3
Published: 2004-05-05 00:00:00
Last revised: 2016-10-17 23:04:32

[Original] Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag.


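[CNNVD] Simple Machines Forum Size Tag HTML Injection Vulnerability (CNNVD-200405-041)

        A cross-site scripting vulnerability exists in Simple Machines Forum (SMF) version 1.0. Remote attackers can inject arbitrary web script via the size tag.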

- CVSS (Base Score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (Affected platforms and products)

cpe:/a:simple_machines:smf:1.0_beta4p
cpe:/a:simple_machines:smf:1.0_beta4.1
cpe:/a:simple_machines:smf:1.0_beta5p

- OVAL (Technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1996
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1996
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200405-041
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=108377364615934&w=2
(UNKNOWN)  BUGTRAQ  20040505 SMF SIZE Tag Script Injection Vulnerability
http://www.securityfocus.com/bid/10281
(VENDOR_ADVISORY)  BID  10281
http://xforce.iss.net/xforce/xfdb/16067
(VENDOR_ADVISORY)  XF  smf-size-html-injection(16067)

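- Vulnerability information

Simple Machines Forum Size Tag HTML Injection Vulnerability
Medium risk  Cross-site scripting
2004-05-05 00:00:00 2005-10-20 00:00:00
Remote
        A cross-site scripting vulnerability exists in Simple Machines Forum (SMF) version 1.0. Remote attackers can inject arbitrary web script via the size tag.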

- Advisories and patches

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability information (24082)

Simple Machines Forum 1.0 Size Tag HTML Injection Vulnerability (EDBID:24082)
php webapps
2004-05-05 Verified
0 Cheng Peng Su
N/A
source: http://www.securityfocus.com/bid/10281/info

It has been reported that Simple Machines Forum (SMF) may be prone to an HTML injection vulnerability that may allow an attacker to execute arbitrary HTML or script code in a user's browser. The issue exists due to insufficient sanitization of user-supplied input via the font size attribute.

Exploitation could allow for theft of cookie-based authentication credentials. Other attacks are also possible.

An attacker could reportedly post content to the forums containing:

[size=expression(alert(document.cookie))]Content[/size]

This is limited by the fact that the forum software filters out quotes, apostrophes and semicolons.

Another method that circumvents the software filtering would be to post content such as:

[size=expression(eval(unescape(document.URL.substring(document.URL.length-34,document.URL.length))))]Content[/size]

then get the victim to follow:

http://www.example.com/index.php?topic=12345.0&alert('cookie:\n'+document.cookie)

Where the '12345.0' is the topic containing the previously posted content. The victim's browser would execute the last 34 characters (as specified in the previously posted 'length-34' content).
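
The filter described above removes three characters, yet neither posted value needs any of them, so a denylist on the size value does not hold. The following is an added example, not SMF source code and not part of the advisory: it puts a model of that denylist beside an allowlist that accepts only a number plus a unit (the function names, the accepted units and the 6-72 range are assumptions).

```php
<?php
// Added example, not SMF source code; both function names are hypothetical.

const SIZE_TAG = '~\[size=([^\]]*)\](.*?)\[/size\]~is';

// Denylist model of the behaviour the advisory reports: quotes, apostrophes
// and semicolons are stripped, then the value is copied into the style attribute.
function render_size_denylist(string $post): string
{
    $post = htmlspecialchars($post, ENT_NOQUOTES, 'UTF-8');
    return preg_replace_callback(SIZE_TAG, function (array $m): string {
        $size = str_replace(['"', "'", ';'], '', $m[1]);
        return '<span style="font-size: ' . $size . '">' . $m[2] . '</span>';
    }, $post);
}

// Allowlist: the value must be a whole number followed by a fixed unit and
// fall inside a sane range; anything else loses the tag and keeps its text.
function render_size_allowlist(string $post): string
{
    $post = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');
    return preg_replace_callback(SIZE_TAG, function (array $m): string {
        if (!preg_match('~^(\d{1,2})(px|pt)$~D', $m[1], $v)) {
            return $m[2];
        }
        $n = (int) $v[1];
        if ($n < 6 || $n > 72) {
            return $m[2];
        }
        return '<span style="font-size: ' . $n . $v[2] . '">' . $m[2] . '</span>';
    }, $post);
}

// Constructed sample posts; the second is the first value quoted above.
$samples = [
    '[size=12pt]Content[/size]',
    '[size=expression(alert(document.cookie))]Content[/size]',
];
foreach ($samples as $post) {
    echo 'denylist:  ', render_size_denylist($post), PHP_EOL;
    echo 'allowlist: ', render_size_allowlist($post), PHP_EOL;
}
```

With the denylist the second sample's value reaches the style attribute unchanged; with the allowlist the tag is dropped and only the escaped text "Content" is emitted.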
		

- Vulnerability information

16898
Simple Machines Forum (SMF) SIZE Tag XSS
Remote / Network Access Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-05-05 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete
 

 
