扫描结果:
CGI Scripts : OSCommerce Info_Message Cross-Site Scripting Vulnerability
Port 8383
Description It has been reported that osCommerce does not sufficiently filter URI parameters supplied to multiple osCommerce scripts. As a result of this deficiency, it is possible for a remote attacker to create a malicious link containing script code that will be executed in the browser of a legitimate user. All code will be executed within the context of the website running osCommerce.
How to fix Upgrading to the most recent version of OSCommerce.
Risk Level High
Related Links OSCommerce Homepage
Script http://***.***.***.***:8383/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28documents.cookie%29;%3C/script%3E
http://***.***.***.***:8383/default.php?info_message=%3Cscript%20language=javascript%3Ewindow.alert%28documents.cookie%29;%3C/script%3E
CVE GENERIC-MAP-NOMATCH
BugtraqID 7153
谢谢
|
