CVE-2004-2288
CVSS 4.3
Published: 2004-12-31 00:00:00
Revised: 2008-09-05 16:43:42

[Original] Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBulletin allows remote attackers to spoof parts of a website via the loc parameter.


[CNNVD] VBulletin index.php Remote File Inclusion Vulnerability (CNNVD-200412-147)

        
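        vBulletin is a web-based forum application.
        The 'index.php' script included in vBulletin does not sufficiently filter user-submitted input; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web process.
        The 'index.php' script included in vBulletin does not sufficiently filter the 'loc' parameter; an attacker can specify a malicious file on a remote server as the include file, which can result in arbitrary commands in the malicious file being executed with the privileges of the web process.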
        

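- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]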

- CPE (affected platforms and products)

cpe:/a:jelsoft:vbulletin:2.2.9
cpe:/a:jelsoft:vbulletin:3.0_beta_5
cpe:/a:jelsoft:vbulletin:1.0.1::lite
cpe:/a:jelsoft:vbulletin:2.0.3
cpe:/a:jelsoft:vbulletin:2.0_rc2
cpe:/a:jelsoft:vbulletin:3.0_beta_7
cpe:/a:jelsoft:vbulletin:2.2.5
cpe:/a:jelsoft:vbulletin:2.0_rc3
cpe:/a:jelsoft:vbulletin:2.3.2
cpe:/a:jelsoft:vbulletin:3.0_beta_3
cpe:/a:jelsoft:vbulletin:2.2.3
cpe:/a:jelsoft:vbulletin:2.3.0
cpe:/a:jelsoft:vbulletin:3.0_beta_4
cpe:/a:jelsoft:vbulletin:2.3.3
cpe:/a:jelsoft:vbulletin:2.2.6
cpe:/a:jelsoft:vbulletin:2.2.0
cpe:/a:jelsoft:vbulletin:2.2.7
cpe:/a:jelsoft:vbulletin:2.2.2
cpe:/a:jelsoft:vbulletin:2.2.4
cpe:/a:jelsoft:vbulletin:2.2.8
cpe:/a:jelsoft:vbulletin:2.3.4
cpe:/a:jelsoft:vbulletin:3.0_beta_6
cpe:/a:jelsoft:vbulletin:3.0_beta_2
cpe:/a:jelsoft:vbulletin:3.0_gamma
cpe:/a:jelsoft:vbulletin:2.2.1

- OVAL (technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2288
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2288
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200412-147
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/10362
(UNKNOWN)  BID  10362
http://www.infosecurity.org.cn/article/hacker/exploit/16557.html
(UNKNOWN)  MISC  http://www.infosecurity.org.cn/article/hacker/exploit/16557.html

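- Vulnerability information

VBulletin index.php Remote File Inclusion Vulnerability
Medium severity; Input validation
2004-12-31 00:00:00 2006-09-20 00:00:00
Remote

        vBulletin is a web-based forum application.
        The 'index.php' script included in vBulletin does not sufficiently filter user-submitted input; a remote attacker can exploit this vulnerability to execute arbitrary commands on the system with the privileges of the web process.
        The 'index.php' script included in vBulletin does not sufficiently filter the 'loc' parameter; an attacker can specify a malicious file on a remote server as the include file, which can result in arbitrary commands in the malicious file being executed with the privileges of the web process.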
        

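- Advisories and patches

        Vendor patch:
        VBulletin
        ---------
        The vendor has not yet provided a patch or upgrade. We recommend that users of this software monitor the vendor's home page for the latest version:

        http://www.vbulletin.com/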

- Vulnerability information (24124)

VBulletin 1.0/2.x/3.0 Index.PHP User Interface Spoofing Weakness (EDBID:24124)
php webapps
2004-05-17 Verified
0 p0rk
N/A
source: http://www.securityfocus.com/bid/10362/info

A weakness has been reported to exist in the VBulletin software that may allow an attacker to spoof parts of the VBulletin interface. The issue exists due to improper validation of user-supplied data.

Remote attackers may potentially exploit this issue by convincing a VBulletin administrator to follow a specially crafted URI. The URI would contain a URI to a remote, attacker-owned HTML page as the value of the affected parameter of the 'index.php' script. If the administrator were to follow this link, part of the VBulletin user interface may be spoofed by the attacker.

http://forums.example.com/admincp/index.php?loc=http://www.example.com		

- Vulnerability information

19023
vBulletin index.php loc Parameter XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Public

- Vulnerability description

vBulletin contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied data to the loc parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

- Timeline

2005-08-27 Unknown
Unknown Unknown

- Solution

Products

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete