来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] swDesk多个缺陷这作者: Red Security TEAM www.2cto.com开发者: http://www.swdesk.com/测试平台: Apache测试:## I. 任意文件上传# 1. Go to http://www.2cto.com /create_ticket.php# 2. Fil a......
|
swDesk多个缺陷
这作者: Red Security TEAM www.2cto.com 开发者: http://www.swdesk.com/ 测试平台: Apache 测试: # # I. 任意文件上传 # 1. Go to http://www.2cto.com /create_ticket.php # 2. Fil all Input Fields And Click on Submit Ticket # 3. Click on the View Ticket and you should go to the link Like : http://www.2cto.com /view_ticket.php?email=[Your Email]&id=1 # 4. You see Send Message box , Write any thing there and attach your PHP file in the Upload attachment and Click on Send Message # 5. You can see your attachment above Like : Attachment: shell.php , Click on it and you see your PHP code has been runed ;) # # II. PHP代码注入 # 1. Go to http://www.2cto.com /signin.php : Vulnerability Input Fields : email , password # 2. Write your php in Input Fields Like : phpi${@print(RedSecurityTEAM)} # # III. XSS 缺陷 # 1. http://www.2cto.com /view_ticket.php?email=example@example.com&id=" onmouseover=alert(1) bad=" # 2. http://www.2cto.com /kb_search.php?keywords=" onmouseover=alert(1) bad="&mode=Search www.2cto.com修复: 针对性过滤和验证 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
