Exploit CuteNews 1.3 - Comment HTML Injection

Exploiter

18 Dec 2022
EDB-ID: 24290
EDB verification: Passed
Author: DARKBICHO
Vulnerability type: WEBAPPS
Platform: PHP
CVE: CVE-2004-0660
Publication date: 2004-07-19
CuteNews 1.3 - Comment HTML Injection
Code:
source: https://www.securityfocus.com/bid/10750/info

CutePHP is reported prone to an HTML injection vulnerability.

The vulnerability exists due to insufficient sanitization of user-supplied input. Specifically, user-supplied input to comment posts is not sufficiently sanitized of malicious HTML code.

An attacker can exploit this vulnerability by adding HTML code within URI arguments. The hostile code may be rendered in the user's browser when the user views the entry.

Exploitation could permit an attacker to steal cookie-based authentication credentials or launch other attacks.

http://www.example.com/show_news.php?subaction=addcomment&name=UserName&comments=http://www.example.com&id=1078525267||1090074219|UserName|none|127.0.0.1|<script>alert("example");</script>||
 
Source
www.exploit-db.com
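
A defender-side sketch of the input handling the advisory says is missing, added here as an example and not taken from CuteNews or the original post. The function names are hypothetical, and it assumes a news id is an all-digit value like the `1078525267` in the request above, which carries its `|` delimiters and markup inside the `id` argument.

```php
<?php
// Added example: hypothetical helpers, not CuteNews code.

// Read a request parameter only if it is a plain string (not an array).
function str_param(array $params, string $key): string
{
    return isset($params[$key]) && is_string($params[$key]) ? $params[$key] : '';
}

// Assumption: a news id is all digits, like 1078525267 in the request above.
function valid_news_id(string $id): bool
{
    return preg_match('/\A[0-9]{1,20}\z/', $id) === 1;
}

// Encode a user-supplied field for an HTML text or attribute context.
function html_field(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Returns the comment markup, or null when the id fails validation.
function render_comment(array $params): ?string
{
    $id = str_param($params, 'id');
    if (!valid_news_id($id)) {
        return null;
    }
    $name = html_field(str_param($params, 'name'));
    $text = html_field(str_param($params, 'comments'));
    return "<div class=\"comment\" data-news=\"{$id}\"><b>{$name}</b>: {$text}</div>";
}

// Constructed sample: the parameters of the request shown above.
$fromAdvisory = [
    'name'     => 'UserName',
    'comments' => 'http://www.example.com',
    'id'       => '1078525267||1090074219|UserName|none|127.0.0.1|<script>alert("example");</script>||',
];
// Constructed sample: valid id, markup placed in the visible fields instead.
$markupInFields = [
    'name'     => 'User<b>Name',
    'comments' => '<script>alert("example");</script>',
    'id'       => '1078525267',
];

var_dump(render_comment($fromAdvisory));      // id validation decides the result
echo render_comment($markupInFields), "\n";   // fields pass through html_field()
```

Validation of the `id` rejects the request before anything is stored or rendered, while the encoding step covers fields such as `name` and `comments` that legitimately accept free text.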
