iGENUS5. 0 E-mail system of some vulnerability package injection and landing, etc-vulnerability warning-the black bar safety net

2014-01-19T00:00:00
ID MYHACK58:62201441890
Type myhack58
Reporter 佚名
Modified 2014-01-19T00:00:00

Description

When nothing download a iGENUS5. 0 look at the watch, time is tight, only to see a probably. A large number of government, schools, scientific research institutions, large companies in the use of this system.

Be the first to say I use the version and environment:

! 1

! 2 ! 3

The entire program, not anti-injection measures, in addition to the message header and the outer did not putXSSerror, resulting in vulnerability to a large heap, the following tests are in the magic quotes off the case to php5. 4 After magic quotes is off by default.

1, information disclosure, developed for the debugging function: the

! 1 ! 2

2, variousxss: the

Reflection:

! 1! 2

[1] [2] [3] next