phpcms_xss.nasl

来自「漏洞扫描源码,可以扫描linux,windows,交换机路由器」· NASL 代码 · 共 59 行

NASL
59
字号 
## This script was written by David Maciejak <david dot maciejak at kyxar dot fr># # Ref: Cyrille Barthelemy <cb-publicbox ifrance com>## This script is released under the GNU GPL v2if(description){  script_id(15850);  script_version("$Revision: 38 $");  script_cve_id("CVE-2004-1202");  script_bugtraq_id(11765);    script_name(english:"phpCMS XSS"); desc["english"] = "The remote host runs phpCMS, a content management system written in PHP.This version is vulnerable to cross-site scripting due to a lack of sanitization of user-supplied data in parser.php script.Successful exploitation of this issue may allow an attacker to execute malicious script code on a vulnerable server. Solution: Upgrade to version 1.2.1pl1 or newerRisk factor : Medium";  script_description(english:desc["english"]);  script_summary(english:"Checks phpCMS XSS");  script_category(ACT_GATHER_INFO);  script_copyright(english:"This script is Copyright (C) 2004 David Maciejak");  script_family(english:"CGI abuses : XSS");  script_require_ports("Services/www", 80);  script_dependencie("http_version.nasl", "cross_site_scripting.nasl");  exit(0);}#the codeinclude("http_func.inc");include("http_keepalive.inc");port = get_http_port(default:80);if ( ! get_port_state(port))exit(0);if ( ! can_host_php(port:port) ) exit(0);if ( get_kb_item("www/" + port + "/generic_xss") ) exit(0);buf = http_get(item:"/parser/parser.php?file=<script>foo</script>", port:port);r = http_keepalive_send_recv(port:port, data:buf, bodyonly:1);if( r == NULL )exit(0);if(egrep(pattern:"<script>foo</script>", string:r)){  security_warning(port);  exit(0);}

phpcms_xss.nasl - 源码说明

本页面展示了「漏洞扫描源码,可以扫描linux,windows,交换机路由器」中的 phpcms_xss.nasl 源码文件,采用 NASL 编程语言编写,共 59 行代码。您可以在线阅读完整代码内容,也可以返回资源详情页下载完整源码包进行本地学习和开发。

虫虫下载站收录了大量与windows相关的技术资源,包括源代码、技术文档、电路图等,是电子工程师和嵌入式开发者的专业学习平台。

⌨️ 快捷键说明

复制代码Ctrl + C
搜索代码Ctrl + F
全屏模式F11
增大字号Ctrl + =
减小字号Ctrl + -
显示快捷键?