Lucene search
K

206 matches found

seebug.org
seebug.org
added 2014/04/22 12:0 a.m.22 views

74cms 3.4 /ajax_common.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.29 views

74cms某功能注入漏洞(有条件)

简要描述: 略鸡肋,分享出来。 详细说明: 最新版v3.4,更新时间20140310 文件/plus/weixin.php responseMsg函数,使用 $postStr = $GLOBALS"HTTPRAWPOSTDATA"; 获得了post数据。所以,可以无视GPC。 获得的数据是XML格式,我们一会发送数据包即可。 继续看该函数: if !empty$postStr $postObj = simplexmlloadstring$postStr, 'SimpleXMLElement', LIBXMLNOCDATA; $fromUsername =...

7AI score
Exploits0
myhack58
myhack58
added 2013/05/31 12:0 a.m.33 views

74CMS talent system v3. 2 injection& full version pass rounded out the background-bug warning-the black bar safety net

Because a station with this system next to the station is also no start so went down the parts of the source code to read Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to...

0.3AI score
Exploits0
myhack58
myhack58
added 2012/08/06 12:0 a.m.25 views

74CMS(Knight talent system)injection(into the background)-bug warning-the black bar safety net

Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to convert the submitted over the data encoding into utf8 So the use of wide-character injection there is no way out but the...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2012/07/30 12:0 a.m.33 views

74CMS 人才系统注入全版本通杀进后台

简要描述: 整套程序过滤的还是比较全面的 不过所有版本都是GBK编码是他的硬伤 但是基本上字符串入库的时候作者都使用了iconv来把提交过来的数据编码转换成utf8 所以利用宽字符注入就没办法了 但是过滤完善仅限3.2版本之前 最新的3.2版本plus目录多了几个文件 不知道是不是换了程序员了... 先上两个白痴注入吧 详细说明: 注射1: \plus\ajaxofficebuilding.php 16行 if$act == 'alphabet' $alphabet=trim$GET'x'; //笑嘻嘻 肯定是换程序员了 不解释 if !empty$alphabet $result =...

7.1AI score
Exploits0
myhack58
myhack58
added 2012/07/02 12:0 a.m.25 views

74CMS talent system v3. 2 injection & full version pass rounded out the background-bug warning-the black bar safety net

Because a station with this system next to the station is also no start so went down the parts of the source code to read Set of procedures filter is still relatively full, but all versions are GBK encoding is his flawed but basically the string into the library when the author used the iconv to...

1.7AI score
Exploits0
Rows per page
Query Builder