Article Topic Learning Download Q&A Programming Dictionary Game Recent Updates

简体中文(ZH-CN) English(EN) 繁体中文(ZH-TW) 日本語(JA) 한국어(KO) Melayu(MS) Français(FR) Deutsch(DE)

Home > Backend Development > PHP Tutorial > body text

okphp系列产品的多个漏洞_PHP

WBOY

Release： 2016-06-01 12:25:32

Original

1147 people have browsed it

本文作者：SuperHei
文章性质：原创
发布日期：2005-08-14

程序描叙

　　OKPHP是由www.okphp.com开发一套专业的网站管理系统，目前产品包括：Okphp CMS， Okphp BBS，Okphp BLOG。由于对变量的过滤不严密及密码认证不严，导致sql注射，xss，隐藏变量post攻击从跨权限操作。

漏洞攻击

1、SQl注射及xss

　　“几乎” 存在于各个变量里，如：forum.php

http://www.xxx.com/forum.php?action=view_forum&forum_id={sql}
http://cn.okphp.com/forum.php?action=view_forum&forum_id='xss
.......

2、隐藏变量post攻击

　　在提交request.php?action=user_modify 修改用户资料时，没有密码认证导致通过user_id修改容易用户密码及资料；

Exp：

Okphp Discussions - powered by okphp BBS

淇

Related labels：

input name type product Multiple loopholes series

source：php.cn

Previous article：在Windows下安装MySQL的图形管理工具phpMyAdmin_PHP Next article：PHP5.0新特性_PHP

Statement of this Website

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Latest Articles by Author

Unlocking Systems Development: A Beginner's Guide to C Programming

2024-10-10 10:43:41
The C Programming On-Ramp: A Smooth Start for Aspiring Developers

2024-10-10 10:23:51
Unlocking the World of C: Your First Steps in Systems Programming

2024-10-09 22:27:01
From Beginner to Builder: Mastering the Art of PHP Programming

2024-10-09 20:15:31
Master the Basics: C Programming for Absolute Beginners

2024-10-09 16:42:41
PHP Forms: Handling User Input Like a Pro

2024-10-09 16:12:01
C: The Language That Built Modern Computing (and You Can Learn It!)

2024-10-09 13:33:51
PHP for Absolute Beginners: No Coding Experience Required

2024-10-09 12:27:11
Your C Programming Cheerleaders: Support and Resources for Beginners

2024-10-09 12:00:03
Tame the Code Monster: A Fun and Friendly Approach to PHP

2024-10-09 11:03:31

Latest Issues

function_exists() cannot determine the custom function Function test () {return true;} if (function_exists ('test')) {echo "test is function...

From 2024-04-29 11:01:01

0

2

1539

How to display the mobile version of Google Chrome Hello teacher, how can I change Google Chrome into a mobile version?

From 2024-04-23 00:22:19

0

10

1695

The child window operates the parent window, but the output does not respond. The first two sentences are executable, but the last sentence cannot be implemented.

From 2024-04-19 15:37:47

0

1

1438

There is no output in the parent window document.onclick = function(){ window.opener.document.write('I am the output of the child ...

From 2024-04-18 23:52:34

0

1

1367

Where is the courseware about CSS mind mapping? Courseware

From 2024-04-16 10:10:18

0

0

1414

Related Topics

More>

Popular Recommendations

Popular Tutorials

More>

Related Tutorials

Popular Recommendations

Latest courses

Latest Downloads

More>

Web Effects

Website Source Code

Website Materials

Front End Template

About us Disclaimer Sitemap: php.cn：Public welfare online PHP training，Help PHP learners grow quickly！