关键信息 漏洞标题 VHCS - Virtual Hosting Control System Cross Site Scripting 发布日期 2006.05.04 危险等级 Low 详细信息 CVE: CVE-2006-2174 CWE: CWE-79 CVSS Base Score: 4.3/10 - Impact Subscore: 2.9/10 - Confidentiality impact: None - Integrity impact: Partial - Exploitability Subscore: 8.6/10 - Attack complexity: Medium - Authentication: No required 攻击方法 Cross Site Scripting 漏洞描述 VHCS is a powerful Hosting Management Proof of Concept [target]/admin/server_day_stats.php?year=2006&month=05&day=2[xss] [target]/admin/server_day_stats.php?year=2006&month=05[xss]&day=2 [target]/admin/server_day_stats.php?year=2006[xss]&month=05&day=2 解决方案 Contact: Advisory (at) Aria-Security (dot) net 其他信息 Credit: outlaw.aria-security.net Remote: Yes Local: No Link: http://www.vhcs.net Discovery: O.U.T.L.A.W Software: VHCS Advisory: http://www.aria-security.net/hm/vhcs.txt