1.SQL error Leak (table,column)
2.phpinfo
3.Apache httpOnly Cookie
4.XSS


1.SQL error Leak (table,column)
http://help.maxthon.cn//view.php?cid=214&tid=9
Query Error: SELECT * FROM help_contentindex i LEFT JOIN help_content c USING(tid) WHERE i.tid='9' AND cid='214'

2.phpinfo
http://help.maxthon.cn//test.php

3.Apache httpOnly Cookie Vuln
help.maxthon.cn

4.XSS

http://tuan.maxthon.cn:80//dianping/index.php?request=site&sid=547&type=" onmouseover=alert(/insight/) bad="

http://tuan.maxthon.cn//Search/?Page=5&Value=" onmouseover=alert(/insight/) bad="


1.SQL error Leak (table,column)

2.phpinfo

3.Apache httpOnly Cookie www.2cto.com

4.XSS


 

修复方案：
1.don't print error message
2.remove file
3.upgrade web server
4.Filter Iuput


作者  insight-labs