
Title: How to exploit this 8383 vulnerability

Author: xuexizhe    Time: 2004-6-6 12:29     Title: How to exploit this 8383 vulnerability

Scan results:
CGI Scripts: OSCommerce Info_Message Cross-Site Scripting Vulnerability
Port: 8383
Description: It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce.
How to fix: Upgrading to the most recent version of OSCommerce.
Risk Level: High
Related Links: OSCommerce Homepage

Script: http://***.***.***.***:8383/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28documents.cookie%29;%3C/script%3E
CVE: GENERIC-MAP-NOMATCH
BugtraqID: 7153
Thanks





Welcome to 黑色海岸线论坛 (http://bbs.thysea.com/) Powered by Discuz! 7.2