Netizen "Small Good" gave me a chat room IP, let me go to see. Originally want to invade its server, probably technology not home, engaged for more than 10 minutes, also did not go in. So I just wanted to find out what bugs were in this chat room. The chat room can be seen to be formed with Php+mysql. Columns are: User registration, forget the password, modify the information, the user suicide, chat god list, chat instructions, refresh lists. Then there's the chat.
I casually registered a username, according to my preference, like open xxxxxx users, so that I use XXXXXX registered a user. Log in.
Where do you start? I would like to look at the revised information, general chat room There is always such a loophole. Click to modify the data, so the next screen, you need to enter the user name and secret. After the loss, next, enter the data modification. yes! data modification in the user nickname, in fact, is the user name, immediately view the source file, see the following HMTL statement:
=================================================cut===========
<form name= "Ezchat" action= "modifyed.php" method= "post" enctype= "Multipart/form-data" >
<input type= "hidden" name= "active" value= "Change" >
<input type= "hidden" name= "user_name" value= "xxxxxx" >
<input type= "hidden" name= "user_passwd_t" value= "xxxxx" >
<table cellspacing=1 cellpadding=2 width= "675" border=0 align=center "#FFFFFF" >
<tr align=center bgcolor= "#FFD193" >
<TD colspan= "4" height= > User Information </td>
</tr>
<tr align=center bgcolor= "#FFEACE" >
<TD width= "20%" height= ">"
<div align= "left" > User nickname: <font color= "#FF0000" ><b>*</b></font></div>
</td>
<TD width= "30%" height= ">"
<div align= "Left" >
<input type= "text" name= "user_name_1" readonly class= "input" value= "xxxxxx" >
</div>
</td>
==========================================end==================
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.