Software Exploits and Vulnerabilities on ground418

Original text (English):
Script : SMF (Simple Machine Forum) 1.1.11
Vulnerability Type : Active XSS (Active Cross Site Scripting)
Risk : Low
Discovered By Khashayar Fereidani
http://ircrash.com http://bugtraq.ircrash.com
Note :
To use this vulnerability you need access to the censor words panel.
1. First log in and go to: http://site/path/index.php?action=postsettings;sa=censor
Click on "Click here to add another word." to add a new row.
Set the new text box: ircrash => "<script>alert('Vulnerable')</script>
and save the page.
2. Open a new topic and set the title: ircrash, fill in all fields and post the topic.
3. Open the forum home page. You see the alert: Vulnerable
You can set any HTML or JavaScript code. Hackers can deface the forum home page or set ActiveX for a virus.
Solution : filter the censor page variables with htmlspecialchars.
Tnx : Only For God
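
The fix named in the Solution line, sketched in PHP as an added example (not SMF's code and not part of the original advisory). The function names and the simplified "escape the title, then apply the censor" rendering are assumptions made for illustration.

```php
<?php
// Added illustration; NOT SMF source code. All function names are hypothetical.

// Vulnerable save: stores the admin-supplied word pair exactly as submitted.
function save_censor_raw(array $post): array
{
    return array_combine($post['censor_vulgar'], $post['censor_proper']);
}

// Hardened save: the advisory's fix, htmlspecialchars() on both fields.
function save_censor_escaped(array $post): array
{
    $esc = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return array_combine(
        array_map($esc, $post['censor_vulgar']),
        array_map($esc, $post['censor_proper'])
    );
}

// Assumed rendering model: the title is escaped first and censored afterwards,
// so the replacement text reaches the page without passing through escaping.
function render_title(string $title, array $censor): string
{
    $safe = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
    $out  = str_ireplace(array_keys($censor), array_values($censor), $safe);
    return '<a href="#">' . $out . '</a>';
}

// Constructed form input mirroring step 1 of the advisory.
$post = [
    'censor_vulgar' => ['ircrash'],
    'censor_proper' => ["\"<script>alert('Vulnerable')</script>"],
];

// Raw storage: the <script> element is emitted as markup on the index page.
echo render_title('ircrash', save_censor_raw($post)), "\n";

// Escaped storage: the same replacement is emitted as inert text.
echo render_title('ircrash', save_censor_escaped($post)), "\n";
```

Escaping the topic title alone does not help here, because the markup arrives through the replacement word rather than through the title.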