Multiple vulnerabilities in the OKPHP product line (PHP)
Jun 01, 2016 12:25 PM  Author: SuperHei
Article type: original
Published: 2005-08-14
Program description
OKPHP is a professional website management suite developed by www.okphp.com; its current products include Okphp CMS, Okphp BBS and Okphp BLOG. Insufficient filtering of variables and weak password authentication lead to SQL injection, XSS, and hidden-variable POST attacks that allow operations beyond the user's own privileges.
Vulnerability details
1. SQL injection and XSS
Present in "almost" every variable, for example in forum.php:
http://www.xxx.com/forum.php?action=view_forum&forum_id={sql}
http://cn.okphp.com/forum.php?action=view_forum&forum_id='xss
.......
2. Hidden-variable POST attack
When request.php?action=user_modify is submitted to edit profile data, no password check is performed, so the password and profile of any user can be changed simply by supplying that user's user_id;
Exp:
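As an added example, not code from the original advisory or from OKPHP, the following shows how the two handlers named above (view_forum in forum.php and user_modify in request.php) can be hardened: forum_id is validated and bound as a parameter, output is HTML-encoded, and the account being edited is taken from the server-side session and guarded by a current-password check. The PDO connection, session layout, table names and function names are assumptions.

```php
<?php
// Added example, not OKPHP's code: hardened versions of the two request handlers the advisory
// names. Assumptions: PHP 7.4+, a PDO connection, a server-side session array, and tables named
// `forums` and `users` (the real OKPHP schema and function names are not known from the advisory).

function view_forum(PDO $db, array $get): array
{
    // forum_id is numeric by design: reject anything else instead of concatenating it into SQL.
    $forumId = filter_var($get['forum_id'] ?? '', FILTER_VALIDATE_INT);
    if ($forumId === false) {
        throw new InvalidArgumentException('forum_id must be an integer');
    }
    // Prepared statement: the value travels as a bound parameter, never as SQL text.
    $stmt = $db->prepare('SELECT forum_id, name, description FROM forums WHERE forum_id = :id');
    $stmt->execute([':id' => $forumId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        throw new RuntimeException('no such forum');
    }
    // HTML-encode on output so a value containing markup is rendered as text, not executed.
    return array_map(fn($v) => htmlspecialchars((string)$v, ENT_QUOTES | ENT_HTML5, 'UTF-8'), $row);
}

function user_modify(PDO $db, array $session, array $post): void
{
    // The target account comes from the server-side session, never from a user_id in the request.
    if (empty($session['user_id'])) {
        throw new RuntimeException('login required');
    }
    $userId = (int)$session['user_id'];
    // Changing the password requires proving knowledge of the current one.
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE user_id = :id');
    $stmt->execute([':id' => $userId]);
    $hash = $stmt->fetchColumn();
    if ($hash === false || !password_verify($post['current_password'] ?? '', $hash)) {
        throw new RuntimeException('current password does not match');
    }
    $newPassword = $post['new_password'] ?? '';
    if (strlen($newPassword) < 8) {
        throw new InvalidArgumentException('new password too short');
    }
    $stmt = $db->prepare('UPDATE users SET password_hash = :hash WHERE user_id = :id');
    $stmt->execute([
        ':hash' => password_hash($newPassword, PASSWORD_DEFAULT),
        ':id'   => $userId,
    ]);
}
```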
