Woltlab Burning Board (wBB)/Burning Board Lite register.php Cross-Site Scripting Vulnerability

Vulnerability Details

Vulnerability Summary

Multiple cross-site scripting (XSS) vulnerabilities exist in register.php in Woltlab Burning Board (wBB) 2.3.6 and Burning Board Lite 1.0.2pl3e. A remote attacker can inject arbitrary web script or HTML via the (1) r_username, (2) r_email, (3) r_password, (4) r_confirmpassword, (5) r_homepage, (6) r_icq, (7) r_aim, (8) r_yim, (9) r_msn, (10) r_year, (11) r_month, (12) r_day, (13) r_gender, (14) r_signature, (15) r_usertext, (16) r_invisible, (17) r_usecookies, (18) r_admincanemail, (19) r_emailnotify, (20) r_notificationperpm, (21) r_receivepm, (22) r_emailonpm, (23) r_pmpopup, (24) r_showsignatures, (25) r_showavatars, (26) r_showimages, (27) r_daysprune, (28) r_umaxposts, (29) r_dateformat, (30) r_timeformat, (31) r_startweek, (32) r_timezoneoffset, (33) r_usewysiwyg, (34) r_styleid, (35) r_langid, (36) key_string, (37) key_number, (38) disablesmilies, (39) disablebbcode, (40) disableimages, (41) field[1], (42) field[2], and (43) field[3] parameters.

Vulnerability Advisory

References

Source: BUGTRAQ
Name: 20070302 Re: Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS – 0day
Link: http://www.securityfocus.com/archive/1/archive/1/461744/100/100/threaded

Source: BUGTRAQ
Name: 20070302 Woltlab Burning Board (wbb) 2.3.6 CSRF/XSS – 0day
Link: http://www.securityfocus.com/archive/1/archive/1/461737/100/100/threaded

Source: VUPEN
Name: ADV-2007-0856
Link: http://www.frsirt.com/english/advisories/2007/0856

Source: SECUNIA
Name: 24404
Link: http://secunia.com/advisories/24404

Source: SECUNIA
Name: 24386
Link: http://secunia.com/advisories/24386

Source: SREASON
Name: 2424
Link: http://securityreason.com/securityalert/2424