ASP Security by Soroush Dalili - Intelligent Exploit
ASP Security by Soroush Dalili - Intelligent Exploit
ASP Security by Soroush Dalili - Intelligent Exploit
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
:91و خط 90vMessageInfo(PM_Subject) = request.form("subject")vMessageInfo(PM_Body) = request.form("body")با نگاهي به تابع SendPrivateMessage()مشخص است كه آسيب پذير نيست.:view-group.asp -:12iGroupID = request.querystring("gid")خطتوابعوListGroupMembers() به دليل كنترل اعداد آسيب پذير نيستند.GetGroupName():view-profile.asp -خط 12:iUserID = BBS.ValidateNumeric(request.querystring("uid"))كه مي بينيم آسيب پذير نيست.حال سراغ پوشهcalendar مي رويم::add-event.asp -:15تا خط 12iCalendarID = request.querystring("calendarid")98