149 matches found
Code Execution Vulnerability in Axublog Blogging System
axublog is a PHP personal blog system. A code execution vulnerability exists in the Axublog blog system. The vulnerability is caused due to the failure to validate the reloaded files, which can be exploited by an attacker to construct a specially crafted file, upload a shell, and gain...
Two SQL Injection Vulnerabilities in Axublog Blog System
axublog is a PHP personal blog system. Two SQL injection vulnerabilities exist in Axublog blog system. An attacker can exploit the vulnerabilities to obtain database information...
emlog personal blog system background there is privilege elevation vulnerability
Impact version emlog = 5.1.2 Prerequisites: need to log in the background Exploit Log in the background after a visit to admin/? action=phpinfo page, get website physical path In the database backup page to back up the database, export to a local computer, and then edit the exported . sql format ...
Simple-Log Reinstallation Vulnerability
SimpleLog Blog System is a blog system built with PHP+MySQL. A reinstallation vulnerability exists in Simple-Log v1.6, which allows attackers to exploit the vulnerability to reinstall the system, resulting in data loss...
Multiple Cross-Site Scripting Vulnerabilities in Dotclear
Dotclear is a PHP and MySQL based Blog system . Dotclear has multiple cross-site scripting vulnerabilities that can be exploited by attackers to execute arbitrary script code in a user's browser...
Typecho 博客系统 后台评论处 存储型XSS漏洞
No description provided by source...
SQL Injection Vulnerability in Qibo Blog System
Zibo Blog System is a multi-user blog system. There is a SQL injection leak in the Qibo Blog System. The SQL injection vulnerability is caused due to uninitialized $TBpre in the '/blog/template/space/file/listbbs.php' function, which is registered according to a pseudo-global variable in the Qibo...
齐博博客系统高危漏洞集合(SQL+XSS)
简要描述: 该博客系统是一个类似博客大巴的公共博客平台 两个高危注入+一个可打管理员账号的xss 最新的blog 1.0 http://down.qibosoft.com/down.php?v=blog1.0 详细说明: http://localhost/qibo/bk/blog/member/postlog.php?job=postlog 注册成会员之后发布日志 注入一 问题代码\blog\member\postlog.php if$job=="postlog" if$step==2 if!$title showerr"标题不能为空"; elseif!$content...
qibocms 多个系统同一原因的sql注入
简要描述: 因为qibocms 拥有很多系统。 看了看昨天发的那个洞 今天再下载了几个qibo其他的系统 发现有一部分系统存在该洞。 鉴于之前qibocms打补丁的时候总是打了几个系统 而遗漏了其他几个系统。 就把存在这洞的系统全部一个一个的写出来。 详细说明: 统一来看看全局文件 $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...
PhpBridges Blog System members.php SQL Injection
No description provided by source. Exploit Title: PhpBridges Blog System SQL Injection Vulnerability Date: 18/01/2012 - 04.19 Author: 3spi0n Software Website: https://launchpad.net/phpbridges Tested On: BackTrack 5 - Win7 Ultimate Platform: Php $ Vulnerable File: members.php $ Demo Sites:...
blog system <= 1.5 - Multiple Vulnerabilities
No description provided by source. Exploit Title: Blog System = 1.5 Multiple Vulnerabilities Date: 04/04/10 Author: cp77fk4r | empty0pageSHIFT+2gmail.comhttp://gmail.com | www.DigitalWhisper.co.ilhttp://www.DigitalWhisper.co.il Software Link: http://www.netartmedia.net/blogsystem/ |...
Blog System 1.2 index.php cat Parameter SQL Injection
No description provided by source. source: http://www.securityfocus.com/bid/15719/info Blog System is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful...
Blog System 1.x Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/39406/info Blog System is prone to multiple input-validation vulnerabilities because it fails to adequately sanitize user-supplied input. These vulnerabilities include local file-include, SQL-injection, and...
Blog System 1.x (note) SQL Injection Vuln
No description provided by source. Script : Blog System Version : 1.x Link : http://netartmedia.net/blogsystem/ Dork : powered by Blog System Table : websiteadminadminusers Columns : id,username,password,type Exploit :...
Movable Type Rich Text Editor脚本注入漏洞
Movable Type是一款基于WEB的网络博客系统。 由于通过网页键入的输入在富文本编辑器显示之前缺少过滤。在恶意数据被查看时,攻击者可以利用漏洞在受影响站点上下文的用户浏览器会话中执行任意HTML和脚本代码。 下列产品和版本存在漏洞: Movable Type Pro version 6.0 Movable Type Pro versions 5.2.x, 5.1x, and 5.0x Movable Type Open Source MTOS versions 5.2.x, 5.1x, and 5.0x Movable Type Advanced / Movable Type...
Lxblog blog system variables cover the resulting injection+Getshell attached to the use of the exp-bug warning-the black bar safety net
Nonsense: lxblog is www. phpwind. net development of multi-blog system, now seems to have stopped updating! Statement: We only do the technical research, please do not illegally used, together with consequences with himself, independent of it! Text: Key file:/mod/ajaxmod.php if ! empty$POST $POST...
Blog System 2.0 XSS/SQL Injection Vulnerability
Exploit for php platform in category web applications 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 +...
akcms code execution vulnerability-vulnerability warning-the black bar safety net
Last week digging out of the akcms background stencil getshell feeling nothing new, and then carefully looked at the code, found a comparison with“the future”of the hole, the code execution vulnerability, and the problem function is that the authors provided to the station user for secondary...
wordpress Diary/Notebook theme email spoofing vulnerability-vulnerability warning-the black bar safety net
WordPress this Diary/Notebook theme is to have site5 design of a personal Journal blog system theme. The recent burst of the email spoofing vulnerability. Attach the perl script Exp: !/ usr/bin/perl Exploit Title: Diary/Notebook Site5 WordPress Theme - Email Spoofing Date: 15.07.2012 Exploit...
sflog! 1.00 LFI / Password Disclosure / Shell Upload
:::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ "Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP" "YmmMMMM"" MMM YM Discovered by dun \ posdubatgmail.com 2012-07-05 sflog! // 1 ..cut.. 53 requireonce"./includes/entries.inc.php"; // 4 ..cut.. File: ./sflog/includes/pageHeader.inc.ph...