Land Down Under BBCode HTML注入漏洞

漏洞信息详情

Land Down Under BBCode HTML注入漏洞

• CNNVD编号：CNNVD-200405-067
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2004-2038
  
• 漏洞类型：
  
  
  跨站脚本
  
• 发布时间：
  
  2004-05-29
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-20
  
• 厂        商：
  
  neocrome
• 漏洞来源：
  Discovery is credi…

Land Down Under (LDU)700之前的版本存在跨站脚本漏洞。远程攻击者借助(1)functions.php，(2) header.php 或者(3）auth.inc.php的BBcode img标签注入任意web脚本或者HTML。

This issue has been addressed in Land Down Under 700-04 and later. Users are advised to upgrade.
Land Down Under Land Down Under 601

• Land Down Under Land Down Under 700-05
  
  http://ldu.neocrome.net/page.php?id=1357

Land Down Under Land Down Under 602

• Land Down Under Land Down Under 700-05
  
  http://ldu.neocrome.net/page.php?id=1357

Land Down Under Land Down Under 700-03

• Land Down Under Land Down Under 700-05
  
  http://ldu.neocrome.net/page.php?id=1357

Land Down Under Land Down Under 700-01

• Land Down Under Land Down Under 700-05
  
  http://ldu.neocrome.net/page.php?id=1357

Land Down Under Land Down Under 700-02

• Land Down Under Land Down Under 700-05
  
  http://ldu.neocrome.net/page.php?id=1357

来源: OSVDB
名称: 6511
链接:http://www.osvdb.org/6511

来源: OSVDB
名称: 6510
链接:http://www.osvdb.org/6510

来源: OSVDB
名称: 6508
链接:http://www.osvdb.org/6508

来源: SECUNIA
名称: 11739
链接:http://secunia.com/advisories/11739

来源: XF
名称: ldu-bbcode-xss(16284)
链接:http://xforce.iss.net/xforce/xfdb/16284

来源: BID
名称: 10435
链接:http://www.securityfocus.com/bid/10435

来源: SECTRACK
名称: 1010335
链接:http://securitytracker.com/alerts/2004/May/1010335.html

来源: BUGTRAQ
名称: 20040529 LDU (land down under) xss vulnerability
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=108585789220174&w=2