PHPEMS一处SQL注入漏洞

简要描述： PHPEMS一处SQL注入漏洞 详细说明： 5.phpems某处SQL注入漏洞 存在注入漏洞代码位于/app/exam/app.php的函数favor中 具体在 default: $page = $this-ev-get'page'; $type = $this-ev-get'type'; $search = $this-ev-get'search'; $tmp = $this-section-getKnowsListByArgsarray"knowssectionid = '$search'sectionid''","knowsstatus = 1";...

Unfixed XSS vulnerability at www.infospider.com

Security researcher Uber0n, has submitted on 06/01/2008 a cross-site-scripting XSS vulnerability affecting www.infospider.com, which at the time of submission ranked 365391 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 14/01/2008. It is...