Multiple vulnerabilities in okphp series products_PHP tutorial

Author of this article: SuperHei
Article nature: Original
Published date: 2005-08-14
Program description
OKPHP is a professional set of software developed by www.okphp.com Website management system, current products include: Okphp CMS, Okphp BBS, Okphp BLOG. Due to the lax filtering of variables and lax password authentication, SQL injection, XSS, and hidden variable post attacks are caused by cross-privilege operations.
Vulnerability Attack
1. SQl injection and xss
“Almost” exists in each variable, such as: forum.php

http://www.xxx.com/forum.php?action=view_forum&forum_id={sql}
http://cn.okphp.com/forum.php?action=view_forum&forum_id='xss
.......
2. Hidden variable post attack
When submitting request.php?action=user_modify to modify user information, there is no password authentication, which makes it easy to modify the user password and password through user_id. Information;
Exp:

Modify information
Password	Repeat input http://www.bkjia.com/PHPjc/629812.htmlwww.bkjia.comtruehttp: //www.bkjia.com/PHPjc/629812.htmlTechArticleAuthor of this article: SuperHei Nature of article: Original publication date: 2005-08-14 Program description OKPHP is developed by www. okphp.com develops a professional website management system. Current products include: Okphp CMS,... Related labels： author Original release Multiple nature article date loopholes of Previous article：How to lock files under PHP_PHP Tutorial Next article：The wonderful use of Include to implement path encryption_PHP tutorial Statement of this Website The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn Latest Articles by Author What is a NullPointerException, and how do I fix it? 2024-10-22 09:46:29 From Novice to Coder: Your Journey Begins with C Fundamentals 2024-10-13 13:53:41 Unlocking Web Development with PHP: A Beginner's Guide 2024-10-12 12:15:51 Demystifying C: A Clear and Simple Path for New Programmers 2024-10-11 22:47:31 Unlock Your Coding Potential: C Programming for Absolute Beginners 2024-10-11 19:36:51 Unleash Your Inner Programmer: C for Absolute Beginners 2024-10-11 15:50:41 Automate Your Life with C: Scripts and Tools for Beginners 2024-10-11 15:07:41 PHP Made Easy: Your First Steps in Web Development 2024-10-11 14:21:21 Build Anything with Python: A Beginner's Guide to Unleashing Your Creativity 2024-10-11 12:59:11 The Key to Coding: Unlocking the Power of Python for Beginners 2024-10-11 12:17:31 Latest Issues Team collaboration - What should I do if someone needs the feature I wrote as a dependency in git flow? From 1970-01-01 08:00:00 0 0 0 Objective-c - Constraints for iOS a warning issue From 1970-01-01 08:00:00 0 0 0 Confusion about using gitlab's fork&pull request mode within the team From 1970-01-01 08:00:00 0 0 0 Objective-c - In iOS development, Instagram cannot be authorized after logging in. Instagram does not jump back to the application. How to get the callback address? From 1970-01-01 08:00:00 0 0 0 Version Control - About the use of SVN and GIT in company projects? From 1970-01-01 08:00:00 0 0 0 Related Topics More> How to create an index in word ps paint bucket shortcut keys What should I do if I forget my broadband password? The role of Serverlet in Java What is the difference between css framework and component library windows automatic update What types of files can be identified based on How to open psd files Popular Recommendations How to set up hosts on Mac computer (steps with pictures and text) Quickly build a simple QQ robot with PHP API common signature verification methods (PHP implementation) Collection of common date and time operations in PHP PHP generates graphic verification code (enhanced interference type) Popular Tutorials More> Related Tutorials Popular Recommendations Latest courses The latest ThinkPHP 5.1 world premiere video tutorial (60 days to become a PHP expert online training course) 1433334 PHP introductory tutorial one: Learn PHP in one week 4288749 JAVA Beginner's Video Tutorial 2627909 Little Turtle's zero-based introduction to learning Python video tutorial 514405 PHP zero-based introductory tutorial 873330 The latest ThinkPHP 5.1 world premiere video tutorial (60 days to become a PHP expert online training course) 1433334 times of learning JAVA Beginner's Video Tutorial 2627909 times of learning Little Turtle's zero-based introduction to learning Python video tutorial 514405 times of learning Quick introduction to web front-end development 216747 times of learning Master PS video tutorials from scratch 912264 times of learning [Web front-end] Node.js quick start 9037 times of learning Complete collection of foreign web development full-stack courses 7262 times of learning Go language practical GraphQL 6150 times of learning 550W fan master learns JavaScript from scratch step by step 796 times of learning Python master Mosh, a beginner with zero basic knowledge can get started in 6 hours 30628 times of learning Latest Downloads More> Web Effects Website Source Code Website Materials Front End Template [form button] jQuery enterprise message form contact code [Player special effects] HTML5 MP3 music box playback effects [Menu navigation] HTML5 cool particle animation navigation menu special effects [form button] jQuery visual form drag and drop editing code [Player special effects] VUE.JS imitation Kugou music player code [html5 special effects] Classic html5 pushing box game [Picture special effects] jQuery scrolling to add or reduce image effects [Photo album effects] CSS3 personal album cover hover zoom effect [Front-end template] Home Decor Cleaning and Repair Service Company Website Template [Front-end template] Fresh color personal resume guide page template [Front-end template] Designer Creative Job Resume Web Template [Front-end template] Modern engineering construction company website template [Front-end template] Responsive HTML5 template for educational service institutions [Front-end template] Online e-book store mall website template [Front-end template] IT technology solves Internet company website template [Front-end template] Purple style foreign exchange trading service website template [PNG material] Cute summer elements vector material (EPS PNG) [PNG material] Four red 2023 graduation badges vector material (AI EPS PNG) [banner picture] Singing bird and cart filled with flowers design spring banner vector material (AI EPS) [PNG material] Golden graduation cap vector material (EPS PNG) [PNG material] Black and white style mountain icon vector material (EPS PNG) [PNG material] Superhero silhouette vector material (EPS PNG) with different color cloaks and different poses [banner picture] Flat style Arbor Day banner vector material (AI+EPS) [PNG material] Nine comic-style exploding chat bubbles vector material (EPS+PNG) [Front-end template] Home Decor Cleaning and Repair Service Company Website Template [Front-end template] Fresh color personal resume guide page template [Front-end template] Designer Creative Job Resume Web Template [Front-end template] Modern engineering construction company website template [Front-end template] Responsive HTML5 template for educational service institutions [Front-end template] Online e-book store mall website template [Front-end template] IT technology solves Internet company website template [Front-end template] Purple style foreign exchange trading service website template Public welfare online PHP training，Help PHP learners grow quickly！ About us Disclaimer Sitemap © php.cn All rights reserved