WebsiteKit Gbplus – ‘Name’ / ‘Body’ HTML Injection

Exploit Database
42 阅读

作者： MiND

日期： 2010-08-29
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/34541/

source: https://www.securityfocus.com/bid/42842/info

Gbplus is prone to multiple HTML-injection vulnerabilities because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Successful exploits will allow attacker-supplied HTML and script code to run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible. 


Inject the following data into the vulnerable fields:

<meta http-equiv="refresh" content="0;url=http://www.example.com/" />

last Exploits
WebsiteKit Gbplus – ‘Name’ / ‘Body’ HTML Injection的更多信息

MyBB Thank You/Like Plugin 3.0.0 – Cross-Site Scripting：
XOOPS 2.x – Multiple Cross-Site Scripting Vulnerabilities：
PHP Press Release – Cross-Site Request Forgery (Add Admin)：
Jenkins Gitlab Hook Plugin 1.4.2 – Reflected Cross-Site Scripting：
Vehicle Sales Management System – Multiple Vulnerabilities：
AVE DOMINAplus 1.10.x – Unauthenticated Remote Reboot：
net4visions (Multiple Products) – ‘dir’ Multiple Cross-Site Scripting Vulnerabilities：
Pligg CMS 2.0.1 – Multiple Vulnerabilities：