[Repost] SiteEnable Cross-Site Scripting and SQL Injection Vulnerabilities
Source: A^C^E
Summary
SiteEnable is "a simple content management, combined with powerful functionality". Two types of security vulnerabilities have been found in SiteEnable: one allows injecting arbitrary HTML and/or JavaScript, while the other allows injecting arbitrary SQL statements.
Credit:
The information has been provided by Zinho.
Details
Cross Site Scripting:
Due to poor filtering of the 'contenttype' variable a remote user can inject arbitrary HTML and/or JavaScript into the content returned to the user:
http://site/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Another, more severe script injection is in the Submit a Quote page, in which neither the title nor the description field is filtered. This can affect all the visitors of the site. Anyone can inject a silent script and grab anyone's password or cookie.
SQL Injection:
The 'sortby' parameter is directly passed to the SQL string without any checks. The following URL can be used to determine whether you are vulnerable or not:
http://site/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--
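A defensive sketch of the two fixes these findings call for, added here as an example and not SiteEnable's own code (the product is ASP; Python with sqlite3 is used so the sketch runs stand-alone). The table, column names and accepted sort keys are assumptions: 'sortby' is mapped through an allow-list because an ORDER BY target cannot be bound as a query parameter, and 'contenttype' is HTML-encoded before it is echoed.

```python
import html
import sqlite3

# Hypothetical allow-list from public sortby values to fixed ORDER BY fragments.
# Table and column names are assumptions; the advisory does not give the schema.
SORT_COLUMNS = {"title": "title ASC", "date": "created DESC"}
DEFAULT_SORT = "title ASC"


def order_clause(sortby):
    """Return a fixed ORDER BY fragment; request text never reaches the SQL string."""
    return SORT_COLUMNS.get((sortby or "").strip().lower(), DEFAULT_SORT)


def search(conn, keywords, sortby):
    """Bind keywords as a parameter; concatenate only the allow-listed clause."""
    sql = "SELECT title FROM content WHERE title LIKE ? ORDER BY " + order_clause(sortby)
    return [row[0] for row in conn.execute(sql, ("%" + keywords + "%",))]


def render_contenttype(contenttype):
    """HTML-encode the contenttype value before writing it into the response."""
    return "<h1>" + html.escape(contenttype, quote=True) + "</h1>"


def demo_db():
    """Constructed in-memory table standing in for the site's content table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (title TEXT, created TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?)", [
        ("Contact us", "2004-03-04"),
        ("Contact sales", "2004-01-02"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # A legitimate sort key selects its mapped clause.
    print(search(conn, "contact", "date"))
    # The test value from the advisory falls back to the default sort.
    print(search(conn, "contact", ";SELECT * FROM bla bla--"))
    # The script tag from the advisory is returned as inert text.
    print(render_contenttype("<script>alert(document.cookie)</script>"))
```

The same encoding step applies to the title and description fields of the Submit a Quote page at the point where they are rendered to other visitors.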