Web2 has been re-opened, and there is no clue about the reason for further hacking
Another reason may be social engineering !!
I only found a Cross-Site vulnerability, but I should not be able to modify it to the home page in the parent directory!
Depressed .. Here we will release WM's Cross-Site vulnerability Solution
By clin003 at 20070716 from: http://clin003.com/or http://blog.csdn.net/clin003/
Report vulnerabilities !! Cross-Site
Cross-Site vulnerabilities can be caused by search results in each search (for example, in a personal column after a user logs in, I still don't know if this is the reason why my website homepage (in the upper-level directory of WM) is hacked,
The figure is not truncated,
If the test is possible, search for "<IFRAME src =" http://clin003.com/"width =" 800 "Height =" 236 "frameborder =" 0 "> </iframe>" directly (without quotation marks)
You can directly use the following connection test
Http://webmagik.cn/site? Cat = 1001 & search_text = % 3 ciframe + SRC % 3d % 22 HTTP % 3A % 2f % 2fclin003.com % 2f % 22 + width % 3d % 22800% 22 + height % 3d % 22236% 22 + frameborder % 3d % 22 & search_submit = % E6 % 90% 9C % E7 % B4 % A2 & U = sites_list
(This link may no longer show the effect. This site is the WM demo site)
This demo site is the latest official version of 1.3 (from the Forum). No matter whether the problem is harmful or not, I hope to filter the site as soon as possible to avoid cross-site
Thank you. I also hope that my site will be reopened earlier (I am waiting for the next version, and now the site is temporarily closed ,)
By clin003 at 20070716 from: http://clin003.com/or http://blog.csdn.net/clin003/
The Administrator's easy answer is as follows:
Although it is unlikely that Code But it may be used for phishing. Thanks for your feedback.
The simplest Modification Scheme is to directly modify 27 rows in/META/module/module_list.tpl.html.
Code:
If (! Empty ($ _ request ['tag']) $ text = $ _ request ['tag'];
Else $ text = $ _ request ['search _ text'];
Is
Code:
If (! Empty ($ _ request ['tag']) $ text = strip_tags ($ _ request ['tag']);
Else $ text = strip_tags ($ _ request ['search _ text']);
Then generate the code in the background.
By clin003 at 20070716 from: http://clin003.com/or http://blog.csdn.net/clin003/
The following conclusions have not been managed to confirm whether they are correct:
And what you said
Quote: generate code again in the background
It refers to "sharing module management"-"Updating Applications"Program"
Nothing else can be generated!
By clin003 at 20070716 from: http://clin003.com/or http://blog.csdn.net/clin003/
Reporting vulnerability WM address: http://webmagik.cn/bbs/viewthread.php? Tid = 600 & pid = 2121 & page = 1 & extra = Page % 3d1 # pid2121