CVE-2008-6465 PoC — Parallels H-Sphere 脚本login.php 跨站脚本攻击漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2008/CVE-2008-6465.yaml

Associated Vulnerability

Title:Parallels H-Sphere 脚本login.php 跨站脚本攻击漏洞 (CVE-2008-6465)
Description:H-Sphere是一个主机托管服务网站自动化控制程序，一个可扩展的多服务器虚拟主机的解决方案。目前可用于Linux，Unix和Windows环境和MySQL，PostgreSQL和Microsoft SQL Server数据库等数据库环境。 Parallels H-Sphere 3.0.0 P9版本和3.1 P1版本的webshell4中的login.php存在多个跨站脚本攻击漏洞。远程攻击者可以借助(1)err,(2)错误代码和(3)登陆参数，注入任意web脚本或HTML。

Description

Parallels H-Sphere 3.0.0 P9 and 3.1 P1 contains multiple cross-site scripting vulnerabilities in login.php in webshell4. An attacker can inject arbitrary web script or HTML via the err, errorcode, and login parameters, thus allowing theft of cookie-based authentication credentials and launch of other attacks.

File Snapshot


 id: CVE-2008-6465

info:
  name: Parallels H-Sphere 3.0.0 P9/3.1 P1 - Cross-Site Scripting
  author:

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!