Wikiwig 5.01 – Cross-Site Scripting / HTML Injection

Exploit Database
17 阅读

作者： AutoSec Tools

日期： 2011-03-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35469/

source: https://www.securityfocus.com/bid/46888/info

Wikiwig is prone to a cross-site scripting vulnerability and an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.

Wikiwig 5.01 is vulnerable; other versions may also be affected. 

http://www.example.com/wikiwig5.01/_wk/Xinha/plugins/SpellChecker/spell-check-savedicts.php?to_r_list=%3Cscript%3Ealert(0)%3C%2fscript%3E

last Exploits
Wikiwig 5.01 – Cross-Site Scripting / HTML Injection的更多信息

Joomla! Component Event Registration Pro Calendar 4.1.3 – SQL Injection：
Harris Stratex StarMAX 2100 WIMAX Subscriber Station – Running Configuration Cross-Site Request Forgery：
EasyPHP – ‘main.php’ SQL Injection：
Simple Machine Forum 2.0.x < 2.0.4 - File Disclosure / Directory Traversal：
Realmarketing CMS – Multiple SQL Injections：
Thomson Reuters Concourse & Firm Central < 2.13.0097 - Directory Traversal / Local File Inclusion：
Claroline 1.10 – Persistent Cross-Site Scripting：
Movie Portal Script 7.36 – Multiple Vulnerabilities：