DieselScripts Diesel Paid Mail Getad.PHP

2014-07-01T00:00:00
ID SSV:81992
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

Vulnerability type:

Input validation error

Vulnerable file:

Getad.PHP

Impact:

An attacker exploiting this vulnerability can obtain users' cookies and use them to carry out further attacks.

Solution:

The vendor has not released a patch; using Jiasule (加速乐) is recommended :)

Source: http://www.securityfocus.com/bid/19646/info

Paid Mail is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. 

An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

http://www.example.com/[Script Path]/site/getad.php?refid=&email=default&ps=[XSS]