Title: DIGIT Cms SQL Injection / XSS Multiple Vulnerability
Author: BHG Security Center
Download URL: http://www.dig-it.co.il/
Affected version: [1.0.7]
Tested on: ubuntu 11.04
Discovered by:
- Net.Edit0r (Net.edit0r [at] att [dot] net)
- G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)

-----------------------------------------------------------------------------------------
DIGIT Israel Cms SQL Injection / XSS Multiple Vulnerability
-----------------------------------------------------------------------------------------
Author : BHG Security Center
Web    : http://Black-Hg.Org
Where  : From Remote
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /website_path/Default.asp?sType=0&PageId=[Sqli]
~ [PoC] Http://www.2cto.com/path/Default.asp?sType=0&PageId=[Sqli]

Enter In Search Box XSS Code

~ <FORM action="Default.asp?PageId=-1" method=POST id=searchFORM name=searchFORM style="margin:0;padding:0">
  <INPUT type="hidden" value="" name="txtSEARCH">
  </FORM>
~ [PoC] ~: Http://www.2cto.com/path/Default.asp

Note: There are vulnerabilities in the search field that you can use
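
A defender's check for the two inputs this advisory names, as an added example that is not part of the original advisory or the vendor's code: it flags requests to Default.asp whose PageId is not an integer or whose txtSEARCH carries markup characters. The record format, sample requests and function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample requests (method, URL, form body); not taken from a real log.
SAMPLE = [
    ("GET", "/Default.asp?sType=0&PageId=12", ""),
    ("POST", "/Default.asp?PageId=-1", "txtSEARCH=opening+hours"),
    ("GET", "/path/default.asp?sType=0&pageid=12%27", ""),
    ("POST", "/Default.asp?PageId=-1", "txtSEARCH=%3Cb%3Ex%3C%2Fb%3E"),
    ("GET", "/About.asp?PageId=abc", ""),
]

INT_RE = re.compile(r"-?[0-9]+")     # the search form itself posts PageId=-1
MARKUP_RE = re.compile(r"[<>\"']")   # characters that can break out of HTML text or attributes


def _params(encoded):
    """Decode a query string or urlencoded body; ASP parameter names are case-insensitive."""
    return [(k.lower(), v) for k, v in parse_qsl(encoded, keep_blank_values=True)]


def check_request(method, url, body=""):
    """Return findings for one request; an empty list means nothing suspicious."""
    parts = urlsplit(url)
    if not parts.path.lower().endswith("/default.asp"):
        return []
    fields = _params(parts.query)
    if method.upper() == "POST":
        fields += _params(body)
    findings = []
    for name, value in fields:
        if name == "pageid" and not INT_RE.fullmatch(value):
            findings.append("PageId is not an integer")
        elif name == "txtsearch" and MARKUP_RE.search(value):
            findings.append("markup characters in txtSEARCH")
    return findings


def scan(records):
    """Return (index, findings) for every record that triggered at least one finding."""
    hits = []
    for i, (method, url, body) in enumerate(records):
        findings = check_request(method, url, body)
        if findings:
            hits.append((i, findings))
    return hits


if __name__ == "__main__":
    for index, findings in scan(SAMPLE):
        print(SAMPLE[index][1], "->", ", ".join(findings))
```

The same integer-only rule for PageId and output encoding for txtSEARCH belong in the application itself; the log check only shows where those inputs are being probed.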