关键信息 标题: Ez Poll Hoste - Multiple Cross-Site Scripting / Cross-Site Request Forgery Vulnerabilities EDB-ID: 10439 CVE: 2009-4385, 2009-4384 作者: Milos Zivanovic 类型: WEBAPPS 平台: PHP 日期: 2009-12-14 验证: EDB Verified 漏洞应用: Ez Poll Hoste 漏洞类型: Multiple XSS and XSRF Vulnerabilities 影响组件: - 用户面板: - XSS in user panel - Delete poll by name - 管理员面板: - XSS in admin panel - Delete user by name - Email all users POC (Proof of Concept) UXSS in user panel UXSS in admin panel XSRF - Delete poll by name XSRF - Delete user by name Exploit