Mathematical Modeling Community - Math China

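Title: Registration for the Graduate Mathematical Modeling Contest is now open!!

Author: 韩冰    Time: 2004-10-6 09:52
Title: Registration for the Graduate Mathematical Modeling Contest is now open!!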
Summary
MySQLguest by "Allwebscripts is a guestbook script that uses MySQL to store messages".

Allwebscripts' MySQLguest is vulnerable to a source code injection vulnerability in the AWSguest.php page. The vulnerability occurs as fields in the AWSguest.php page do not adequately sanitize HTML, script or PHP code.

Details
In the AWSguest.php page, any of the following fields can be used to inject arbitrary HTML, JavaScript or PHP: "Name", "Email", "Homepage" and "Comments".

Exploit:
E-mail: <?php echo <p>Hello World</p>
Homepage: <script language=javascript>alert ("Messagebox")
Comments: <IFRAME SRC=www.computerknights.org>

Additional information
The information has been provided by BliZZard.
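One way to handle the four fields named in the post safely, as an added example that is not part of the original post and is not MySQLguest code: each field is validated on input and HTML-encoded on output. The function names, length limits and the sample submission are assumptions made for illustration.

```php
<?php
// Added example, not MySQLguest code. Field names come from the advisory;
// function names and length limits are assumptions made for illustration.

function validate_entry(array $in): array
{
    $row = [];
    $errors = [];
    foreach (['name', 'email', 'homepage', 'comments'] as $f) {
        $row[$f] = is_string($in[$f] ?? null) ? trim($in[$f]) : '';
    }
    if ($row['name'] === '' || strlen($row['name']) > 80) {
        $errors[] = 'name';
    }
    if (filter_var($row['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    // Homepage is optional; when present it must be an absolute http(s) URL.
    $scheme = strtolower((string) parse_url($row['homepage'], PHP_URL_SCHEME));
    if ($row['homepage'] !== '' && (filter_var($row['homepage'], FILTER_VALIDATE_URL) === false
        || !in_array($scheme, ['http', 'https'], true))) {
        $errors[] = 'homepage';
    }
    if ($row['comments'] === '' || strlen($row['comments']) > 2000) {
        $errors[] = 'comments';
    }
    return [$row, $errors];
}

// Encode on output so stored text is always rendered as text, never as markup.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_entry(array $row): string
{
    $link = $row['homepage'] === '' ? '' : ' <a rel="nofollow" href="' . h($row['homepage']) . '">homepage</a>';
    return '<p><b>' . h($row['name']) . '</b> (' . h($row['email']) . ')' . $link
        . '<br>' . nl2br(h($row['comments'])) . '</p>';
}

// Constructed submission: valid name, e-mail and homepage; comment text taken from the advisory.
[$row, $errors] = validate_entry([
    'name' => 'Visitor', 'email' => 'visitor@example.com',
    'homepage' => 'https://example.com/',
    'comments' => '<IFRAME SRC=www.computerknights.org>',
]);
// Store $row with a parameterized query; never write it into a file that PHP includes.
echo $errors === [] ? render_entry($row) . "\n" : 'rejected: ' . implode(', ', $errors) . "\n";
```

Validation alone would still accept the comment text, so the encoding in `h()` is what keeps it from being interpreted as markup when the page is displayed.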




Welcome to Mathematical Modeling Community - Math China (http://www.madio.net/) Powered by Discuz! X2.5