KesionCms Page Hijacking Vulnerability

2014-12-17T00:00:00
ID SSV:94915
Type seebug
Reporter Root
Modified 2014-12-17T00:00:00

Description

Brief description:

KesionCms page hijacking vulnerability

Details:

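The KesionCms online school platform has a page hijacking vulnerability in the feature for posting exam reviews.

1. From the home page, visit this URL: http://e.kesion.com/exam/Reviews.aspx?id=20 http://e.kesion.com/
   Login account: tttttt, password: tttttt
2. Go to "My Exam Papers" and post an exam review; the page is successfully hijacked.

For details, see these pages:

1. http://e.kesion.com/exam/Reviews.aspx?id=20
2. http://e.kesion.com/exam/Reviews.aspx?id=16
3. http://e.kesion.com/exam/Reviews.aspx?id=19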

Proof of vulnerability: