<B>Summary</B>
MySQLguest by Allwebscripts "is a guestbook script that uses MySQL to store messages". Allwebscripts' MySQLguest is vulnerable to a source code injection vulnerability in the AWSguest.php page. The vulnerability occurs because the fields in the AWSguest.php page do not adequately sanitize HTML, script or PHP code.
<B>Details</B>
In the AWSguest.php page, any of the following fields can be used to inject arbitrary HTML, JavaScript or PHP: "Name", "Email", "Homepage" and "Comments".
<B>Exploit:</B>
E-mail: <?php echo <p>Hello World</p>
Homepage: <script language=javascript>alert ("Messagebox")
Comments: <IFRAME SRC=www.computerknights.org>
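For the four fields named under Details, the following added example (not part of the original advisory and not MySQLguest code) shows input validation plus output encoding that keeps submitted markup inert. The function names, array keys and length limits are hypothetical, and it assumes entries are stored as data and only ever echoed into an HTML page.

```php
<?php
declare(strict_types=1);

/** Encode a stored value for HTML text or a quoted attribute. */
function e(string $value): string
{
    // "<" becomes "&lt;", so tags, script blocks and "<?php" render as inert text.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Check the four guestbook fields; returns [trimmed values, names of rejected fields]. */
function validate_entry(array $in): array
{
    $clean = $errors = [];
    foreach (['name' => 60, 'comments' => 2000] as $field => $max) { // limits are assumptions
        $clean[$field] = trim((string)($in[$field] ?? ''));
        if ($clean[$field] === '' || strlen($clean[$field]) > $max) {
            $errors[] = $field;
        }
    }
    $clean['email'] = trim((string)($in['email'] ?? ''));
    if (filter_var($clean['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // Homepage is optional, but if present it must be an absolute http(s) URL.
    $clean['homepage'] = trim((string)($in['homepage'] ?? ''));
    $scheme = strtolower((string)parse_url($clean['homepage'], PHP_URL_SCHEME));
    if ($clean['homepage'] !== '' && (filter_var($clean['homepage'], FILTER_VALIDATE_URL) === false
            || !in_array($scheme, ['http', 'https'], true))) {
        $errors[] = 'homepage';
    }
    return [$clean, $errors];
}

/** Build the HTML for one stored entry; every field is encoded at output time. */
function render_entry(array $row): string
{
    $html = '<p><b>' . e($row['name']) . '</b> (' . e($row['email']) . ')</p>';
    if ($row['homepage'] !== '') {
        $html .= '<p><a rel="nofollow" href="' . e($row['homepage']) . '">' . e($row['homepage']) . '</a></p>';
    }
    return $html . '<p>' . nl2br(e($row['comments'])) . '</p>';
}

// Constructed sample input with markup in each field. A real handler would refuse to
// store a rejected entry; it is rendered here only to show that encoding keeps it inert.
$sample = ['name' => '<b>Bob</b>', 'email' => '<?php echo 1;',
           'homepage' => '<script>alert(1)</script>', 'comments' => '<IFRAME SRC=example.invalid>'];
[$clean, $errors] = validate_entry($sample);
echo 'rejected: ', implode(', ', $errors), "\n", render_entry($clean), "\n";
```

Validation rejects malformed e-mail and homepage values before storage, while encoding at output time covers free-text fields such as the name and comments, where markup cannot be rejected by format alone.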
<B>Additional information</B>
The information has been provided by <B>BliZZard</B>.