CVE-2006-0896
CVSS 4.3
Published: 2006-02-25 06:02:00
Revised: 2011-04-07 00:00:00

[Original] Cross-site scripting (XSS) vulnerability in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.


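[CNNVD] Simple Machines X-Forwarded-For 'Sources/Register.php' cross-site scripting vulnerability (CNNVD-200602-391)

        A cross-site scripting (XSS) vulnerability exists in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6. Remote attackers can inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.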

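- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [may allow system files to be modified]
Availability impact: NONE [no impact on the availability of the system]
Attack complexity: MEDIUM [exploitation requires certain access conditions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]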

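- CWE (weakness category)

CWE-79 [Improper neutralization of input during web page generation (cross-site scripting)]

- CPE (affected platforms and products)

Product and version information (CPE) is not currently available

- OVAL (technical details for detection)

No related OVAL definitions found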

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0896
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0896
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200602-391
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/24915
(UNKNOWN)  XF  smf-register-xss(24915)
http://www.vupen.com/english/advisories/2006/0726
(VENDOR_ADVISORY)  VUPEN  ADV-2006-0726
http://www.simplemachines.org/community/index.php?topic=78841.0
(UNKNOWN)  CONFIRM  http://www.simplemachines.org/community/index.php?topic=78841.0
http://www.securityfocus.com/bid/16841
(UNKNOWN)  BID  16841
http://www.securityfocus.com/archive/1/archive/1/426824/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060306 [eVuln] Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability
http://www.osvdb.org/23480
(UNKNOWN)  OSVDB  23480
http://securityreason.com/securityalert/545
(VENDOR_ADVISORY)  SREASON  545
http://secunia.com/advisories/19004
(VENDOR_ADVISORY)  SECUNIA  19004
http://evuln.com/vulns/86/summary.html
(VENDOR_ADVISORY)  MISC  http://evuln.com/vulns/86/summary.html
http://attrition.org/pipermail/vim/2006-April/000682.html
(UNKNOWN)  VIM  20060410 VEndor ACK: Simple Machines Forum Register.php X-Forwarded-For XSS

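- Vulnerability information

Simple Machines X-Forwarded-For 'Sources/Register.php' cross-site scripting vulnerability
Medium severity  Cross-site scripting
2006-02-25 00:00:00 2006-03-02 00:00:00
Remote
        A cross-site scripting (XSS) vulnerability exists in Sources/Register.php in Simple Machine Forum (SMF) 1.0.6. Remote attackers can inject arbitrary web script or HTML via the X-Forwarded-For HTTP header field.

- Advisories and patches

        The vendor has released an upgrade patch that fixes this security issue, along with the related updates.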
        Simple Machines SMF 1.0 -beta4.1
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download/
        Simple Machines SMF 1.0 -beta4p
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download/
        Simple Machines SMF 1.0 -beta5p
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download/
        Simple Machines SMF 1.0.2
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download
        Simple Machines SMF 1.0.4
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download
        Simple Machines SMF 1.0.5
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download/
        Simple Machines SMF 1.0.6
        Simple Machines SMF 1.0.7
        http://www.simplemachines.org/download

- Vulnerability information (F44452)

EV0086.txt (PacketStormID:F44452)
2006-03-08 00:00:00
Aliaksandr Hartsuyeu  evuln.com
exploit,xss
CVE-2006-0896

Simple Machines Forum, or SMF, version 1.0.6 is susceptible to a cross site scripting vulnerability in the X-Forwarded-For directive that can be used to commit attacks against an administrator.

New eVuln Advisory:
Simple Machines Forum - SMF 'X-Forwarded-For' XSS Vulnerability
http://evuln.com/vulns/86/summary.html

--------------------Summary----------------
eVuln ID: EV0086
CVE: CVE-2006-0896
Software: Simple Machines Forum - SMF
Software's Web Site: http://www.simplemachines.org/
Versions: 1.0.6
Critical Level: Harmless
Type: Cross-Site Scripting
Class: Remote
Status: Unpatched. Developer(s) contacted.
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

-----------------Description---------------
Vulnerable script: Sources/Register.php

Variable $_SERVER['HTTP_X_FORWARDED_FOR'] isn't properly sanitized. This can be used to post an HTTP query with a fake X-Forwarded-For value which may contain arbitrary HTML or script code. This code will be executed when an administrator opens the "View all members" section in the Administrator's control panel.

Administrator's session is threatened.

--------------Exploit----------------------
Available at: http://evuln.com/vulns/86/exploit.html

Example of HTTP POST Query:


POST /smf/index.php?PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944&action=register2 HTTP/1.0
Host: [host]
X-Forwarded-For: anyIP[XSS]
Cookie: PHPSESSID=fa9c180d0a3f5fae0de2d56ba6fce944
Content-Length: 81

user=mmm&email=mmm@mmm.com&passwrd1=mmm&passwrd2=mmm&regagree=1&regSubmit=Register

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)


Regards,
Aliaksandr Hartsuyeu
http://evuln.com - Penetration Testing Services
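
The flaw described in the advisory above is a stored value taken from a client-controlled header and later rendered in an admin page. As an added example (not SMF's code and not part of the advisory; the function names and sample requests are constructed for illustration), the two defensive steps are to accept the header only if it parses as an IP address, and to HTML-encode the stored value when it is displayed:

```php
<?php
// Added illustration; not SMF source code. Function names are hypothetical.

// Choose the address to store at registration time.
// X-Forwarded-For is sent by the client, so it is used only if it is a valid IP.
function client_ip_for_storage(array $server): string
{
    $remote = $server['REMOTE_ADDR'] ?? '';
    $xff    = $server['HTTP_X_FORWARDED_FOR'] ?? '';

    // The header may carry a comma-separated proxy chain; look at the first hop.
    $first = trim(explode(',', $xff)[0]);
    if ($first !== '' && filter_var($first, FILTER_VALIDATE_IP) !== false) {
        return $first;
    }
    // Markup, hostnames or junk in the header are discarded.
    return filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';
}

// Render one row of an admin member list. Values are encoded on output as well,
// so rows stored before the input check was added cannot inject markup either.
function render_member_row(string $name, string $ip): string
{
    return '<tr><td>' . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
         . '</td><td>' . htmlspecialchars($ip, ENT_QUOTES, 'UTF-8') . '</td></tr>';
}

// Constructed sample requests (documentation address ranges, harmless markup).
$samples = [
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '203.0.113.9, 10.0.0.1'],
    ['REMOTE_ADDR' => '198.51.100.7', 'HTTP_X_FORWARDED_FOR' => '10.0.0.1<b>marker</b>'],
    ['REMOTE_ADDR' => '198.51.100.7'],
];

foreach ($samples as $server) {
    $stored = client_ip_for_storage($server);
    echo render_member_row('mmm', $stored), PHP_EOL;
}

// A legacy row that was stored unvalidated is still neutralised at render time.
echo render_member_row('mmm', '10.0.0.1<b>marker</b>'), PHP_EOL;
```

Whether a forwarded address should be honoured at all depends on the request arriving through a proxy the site operates; the check here only guarantees that whatever is stored is syntactically an IP address.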

- Vulnerability information

23480
Simple Machines Forum (SMF) Register.php X-Forwarded-For XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown

- Vulnerability description

Simple Machines Forum contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'X-Forwarded-For' HTTP header variables upon submission to the 'Register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2006-02-24 Unknown
Unknown Unknown

- Solution

Upgrade to version SMF 1.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Simple Machines X-Forwarded-For HTML Injection Vulnerability
Input Validation Error 16841
Yes No
2006-02-24 12:00:00 2006-04-10 10:52:00
Discovery of this vulnerability is credited to Aliaksandr Hartsuyeu (eVuln.com).

- Affected software versions

Simple Machines SMF 1.0.6
Simple Machines SMF 1.0.5
Simple Machines SMF 1.0.4
Simple Machines SMF 1.0.2
Simple Machines SMF 1.0 -beta5p
Simple Machines SMF 1.0 -beta4p
Simple Machines SMF 1.0 -beta4.1
Simple Machines SMF 1.0.7

- Unaffected software versions

Simple Machines SMF 1.0.7

- Vulnerability discussion


Simple Machines is prone to an HTML-injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing for the theft of cookie-based authentication credentials. An attacker could also exploit this issue to control how the site is rendered to the user; other attacks are also possible.


This issue is reported to affect Simple Machines version 1.0.6 and earlier.

- Exploit


This issue may be exploited through a web browser.

- Solution


The vendor has released version 1.0.7 to address this issue.


Simple Machines SMF 1.0 -beta4.1

Simple Machines SMF 1.0 -beta4p

Simple Machines SMF 1.0 -beta5p

Simple Machines SMF 1.0.2

Simple Machines SMF 1.0.4

Simple Machines SMF 1.0.5

Simple Machines SMF 1.0.6

- Related references
