漏洞信息详情
ZeroBoard多个远程脚本注入和跨站脚本漏洞
漏洞简介
ZeroBoard 4.1pl4及其早期版本存在PHP远程文件包含漏洞。远程攻击者可以通过修改(1)outlogin.php的_zb_path参数或(2)包含代码的远程web服务器的URL引用的write.php的dir参数,执行任意PHP代码。
漏洞公告
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .
参考网址
来源: BUGTRAQ 名称: 20041224 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard 链接:http://marc.theaimsgroup.com/?l=bugtraq&m=110391024404947&w=2 来源: FULLDISC 名称: 20041223 STG Security Advisory: [SSA-20041220-16] PHP source injection and cross-site scripting vulnerabilities in ZeroBoard 链接:http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030224.html 来源: XF 名称: zeroboard-write-file-include(18679) 链接:http://xforce.iss.net/xforce/xfdb/18679 来源: XF 名称: zeroboard-outlogin-file-include(18677) 链接:http://xforce.iss.net/xforce/xfdb/18677 来源: BID 名称: 12103 链接:http://www.securityfocus.com/bid/12103 来源: OSVDB 名称: 12581 链接:http://www.osvdb.org/12581 来源: OSVDB 名称: 12580 链接:http://www.osvdb.org/12580 来源: SECTRACK 名称: 1012677 链接:http://securitytracker.com/id?1012677 来源: SECUNIA 名称: 13649 链接:http://secunia.com/advisories/13649
受影响实体
- Zeroboard Zeroboard:4.1_pl2<!--2000-1-1-->
- Zeroboard Zeroboard:4.1_pl3<!--2000-1-1-->
- Zeroboard Zeroboard:4.1_pl4<!--2000-1-1-->
补丁
暂无
还没有评论,来说两句吧...