ID SSV:4317
Type seebug
Reporter Root
Modified 2008-10-25T00:00:00
Description
BugCVE: CAN-2002-0217
BUGTRAQ: 3978
Xoops is a free, open-source web application written in object-oriented PHP. It uses MySQL as its back-end database and runs on most Unix and Linux systems. The Xoops user private message system has a cross-site scripting vulnerability that an attacker may exploit to steal information such as users' cookies.
The title field of the private message system does not properly filter script code. When a user receives a private message sent by an attacker, any malicious script code it contains is executed in the recipient's browser, which is a cross-site scripting condition. This vulnerability can let an attacker steal a user's cookie-based authentication credentials, among other things.
Affected version: 1.0 RC1
If you cannot install a patch or upgrade immediately, we recommend the following measures to reduce the threat:
- Modify the program to filter JavaScript code out of content before it is displayed. If modifying the program is difficult, stop using Xoops for the time being.
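The workaround above says to filter script code before it is displayed. The PHP snippet below is an added example, not XOOPS code: it shows the unsafe pattern the advisory describes (a stored title echoed straight into HTML) next to a version that encodes the title for the HTML context at output time. The function names and the sample title are constructed for illustration, and the length-limiting helper assumes the mbstring extension is available.

```php
<?php
// Added example (not XOOPS code): rendering a private-message title safely.
// Function names and the sample title are constructed for illustration.

declare(strict_types=1);

// The pattern the advisory describes: the stored title is concatenated into
// HTML without encoding, so any markup in it becomes live in the recipient's
// browser when the message list is rendered.
function render_pm_title_unsafe(string $title): string
{
    return '<td class="pm-title">' . $title . '</td>';
}

// Hardened version: encode for the HTML text context at the point of output.
// ENT_QUOTES covers both quote characters, so the same function is also safe
// inside attribute values; ENT_SUBSTITUTE replaces invalid byte sequences
// instead of returning an empty string; the explicit charset avoids
// multibyte confusion.
function render_pm_title(string $title): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<td class="pm-title">' . $safe . '</td>';
}

// Optional input-side normalisation for a title field: strip control
// characters and bound the length (mbstring assumed). This is defence in
// depth only; output encoding above is what actually prevents the XSS.
function normalize_pm_title(string $title, int $maxLen = 100): string
{
    $title = preg_replace('/[\x00-\x1F\x7F]/', '', $title) ?? '';
    return mb_substr(trim($title), 0, $maxLen, 'UTF-8');
}

// Constructed sample: a title carrying a script tag and an attribute breakout.
$sample = "Hello <script>alert('pm')</script> \" onmouseover=\"x";

echo "unsafe: " . render_pm_title_unsafe($sample) . PHP_EOL;
echo "safe:   " . render_pm_title(normalize_pm_title($sample)) . PHP_EOL;
// The safe line contains &lt;script&gt; and &quot; instead of live markup.
```

Encoding at output is preferable to stripping "bad" input because it is correct for every place the title is later rendered and does not depend on guessing which characters an attacker will use; the input normalisation only keeps the stored data tidy.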
Vendor patch:
Xoops
The vendor has not yet released a patch or upgrade. We recommend that users of this software monitor the vendor's home page for the latest version:
http://xoops.sourceforge.net/
Record metadata (from the Seebug entry; its description field repeats the advisory text above)
Title: Xoops Private Message System Cross-Site Scripting (CSS/XSS) Vulnerability
ID: SSV:4317
Source: https://www.seebug.org/vuldb/ssvid-4317
CVE: CVE-2002-0217
Published: 2008-10-25; modified: 2008-10-25; last seen: 2017-11-19
Bulletin family: exploit
CVSS v2: 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL)
Vulners score: 6.4
Related records: CVE-2002-0217; OSVDB:9288, OSVDB:9287; Nessus plugin XOOPS_PATH_DISCLOSURE.NASL
Related records

CVE-2002-0217 (NVD, https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0217)
Published: 2002-05-16; modified: 2008-09-11
Description: Cross-site scripting (CSS) vulnerabilities in the Private Message System for XOOPS 1.0 RC1 allow remote attackers to execute Javascript on other web clients via (1) the Title field or a Private Message Box or (2) the image field parameter in pmlite.php.
CVSS v2: 7.5 HIGH (AV:N/AC:L/Au:N/C:P/I:P/A:P); exploitability subscore 10.0; impact subscore 6.4
CPE: cpe:/a:xoops:xoops:1.0_rc1 (cpe:2.3:a:xoops:xoops:1.0_rc1:*:*:*:*:*:*:*)
CWE: NVD-CWE-Other

OSVDB:9288 - XOOPS Private Message System pmlite.php Image Field Parameter XSS (https://vulners.com/osvdb/OSVDB:9288)
OSVDB:9287 - XOOPS Private Message System Private Message Multiple Field XSS (https://vulners.com/osvdb/OSVDB:9287)
Both published 2002-01-29; no description provided by the source; CVSS v2 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL). Shared references:
Vendor URL: http://xoops.sourceforge.net/modules/news/
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-01/0351.html
ISS X-Force ID: 8030
CVE: CVE-2002-0217
Bugtraq ID: 3981

Nessus plugin 11439 - XOOPS 1.0 RC1 Multiple Vulnerabilities (https://www.tenable.com/plugins/nessus/11439)
Plugin file: XOOPS_PATH_DISCLOSURE.NASL; family: CGI abuses (scanner); published: 2003-03-22
CVEs: CVE-2002-0216, CVE-2002-0217, CVE-2002-1802
CVSS v2: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Description: The version of XOOPS installed on the remote host is affected by SQL injection, cross-site scripting, and information disclosure.
Plugin source (NASL, as published by Tenable):

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

# Ref :
# Date: 20 Mar 2003 19:58:55 -0000
# From: "Gregory" Le Bras <gregory.lebras@security-corporation.com>
# To: bugtraq@securityfocus.com
# Subject: [SCSA-011] Path Disclosure Vulnerability in XOOPS
#
# This check will incidentally cover other flaws.


include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
 script_id(11439);
 script_version("1.26");
 script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/19");
 script_cve_id("CVE-2002-0216", "CVE-2002-0217", "CVE-2002-1802");
 script_bugtraq_id(3977, 3978, 3981, 5785, 6344, 6393);

 script_name(english:"XOOPS 1.0 RC1 Multiple Vulnerabilities");
 script_summary(english:"Checks for XOOPS");

 script_set_attribute(attribute:"synopsis", value:
"The remote web server contains a PHP application that is prone to
multiple vulnerabilities." );
 script_set_attribute(attribute:"description", value:
"The version of XOOPS installed on the remote host is affected by SQL
injection, cross-site scripting, and information disclosure." );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=104820295115420&w=2");
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=101232435812837&w=2" );
 script_set_attribute(attribute:"see_also", value:"https://marc.info/?l=bugtraq&m=101232476214247&w=2" );
 script_set_attribute(attribute:"solution", value:"Unknown at this time.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"vuln_publication_date", value:"2002/01/29");
 script_set_attribute(attribute:"plugin_publication_date", value:"2003/03/22");

script_set_attribute(attribute:"plugin_type", value:"remote");
script_end_attributes();

 script_category(ACT_ATTACK);
 script_copyright(english:"This script is Copyright (C) 2003-2021 Tenable Network Security, Inc.");
 script_family(english:"CGI abuses");
 script_dependencie("xoops_detect.nasl");
 script_require_ports("Services/www", 80);
 script_require_keys("www/xoops");
 exit(0);
}

# The script code starts here
include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("http.inc");
include("webapp_func.inc");

port = get_http_port(default:80, php: 1);


# Test an install.
z = get_install_from_kb(appname: "xoops", port: port, exit_on_fail: 1);

d = z['dir'];

u = strcat(d, "/index.php?xoopsOption=nessus");
w = http_send_recv3(method:"GET", item: u, port:port, exit_on_fail: 1);
if (egrep(pattern:"Fatal error.* in <b>/", string: w[2]))
{
 if (report_verbosity <= 0)
 security_hole(port);
 else
 {
 e = get_vuln_report(items: u, port: port);
 security_hole(port: port, extra: e);
 }
 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
 set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE);
 exit(0);
}