1439 matches found
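信游科技 (Xinyou Technology) web game platform: generic SQL injection (multiple points in one file)
Brief description: I saw what the expert @wefgod submitted earlier; when I had time I looked through this code and found injection again. Several systems on the official site all have the generic injection vulnerability. It's just that SafeDog (安全狗) is in place; I'm a beginner and can't get past it, but the vulnerability does exist. Details: Vulnerable file: xykj/jsondata.ashx. All three branches have injection. The source code is as follows: using System; using System.Collections.Generic; using System.Collections.Specialized; using System.Web; using com.xykj.common; /// /// Request handling /// Sent to the client in JSON format. ///...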
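EasyTalk: sending XSS to users under the system identity
Brief description: EasyTalk: sending XSS to users under the system identity. Details: Path of the code file with the problem: easytalk/Home/Lib/Action/ImAction.class.php. When the code loads: public function initialize parent::init; No login is required, and the EasyTalk stored XSS and the flaw allowing private messages to be sent to any user under the system identity are in this code: //Post a chat message public function sendmsg $ret=D'Messages'-sendmsgdaddslashes$POST'content' ,daddslashes$POST'nickname',$this-m...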
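Thinksaas latest version: injection that ignores GPC
Brief description: A SQL injection in the latest thinksaas version, 2.1, was not fully patched, so injection is still possible. Details: Thinksaas is a lightweight open-source community system; I really like its interface. The official site is at http://www.thinksaas.cn/. Speaking of ignoring GPC, what comes to mind? When GET, POST and COOKIE requests are no use, what else can be used? SERVER or FILE, of course. This CMS uses addslashes in a global file to filter GET, POST and COOKIE, and in the functions that operate on the database it additionally uses mysql_real_escape_string at the where position, which makes the game very hard....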
EasyTalk Sql Injection 11-15
Brief description: Insufficient filtering. Details: Injection 11: In friendsaction.class.php: public function initialize parent::init; parent::tologin; import"@.ORG.Page"; $this-fModel=D'Friend'; $this-uModel=D'Users'; $username=$this-get'username'; $this-keyword=trim$this-get'keyword';...
Code injection
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...
Debian Security Advisory DSA 2823-1 (pixman - integer underflow)
Bryan Quigley discovered an integer underflow in Pixman which could lead to denial of service or the execution of arbitrary code. OpenVAS Vulnerability Test $Id: deb2823.nasl 6611 2017-07-07 12:07:20Z cfischer $ Auto-generated from advisory DSA 2823-1 using nvtgen 1.0 Script version: 1.0 Author:...
Ubuntu Update for libx11 USN-1854-1
Check for the Version of libx11 OpenVAS Vulnerability Test $Id: gbubuntuUSN18541.nasl 8650 2018-02-03 12:16:59Z teissa $ Ubuntu Update for libx11 USN-1854-1 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software;...
Cool PDF Reader Image Stream Stack Overflow
Added: 03/11/2013 CVE: CVE-2012-4914 BID: 57461 OSVDB: 89349 Background Cool PDF Reader is a small viewer/reader that can view, print, and convert PDF files to TXT, BMP, JPG, GIF, PNG, WMF, EMF, EPS. Problem Cool PDF Reader versions 3.0.2.256 and prior do not perform proper bounds checking on ima...
CVE-2013-0467
CVE-2013-0467 concerns a vulnerability in the IBM Eclipse Help System (IEHS) that is shipped with multiple IBM products (notably IBM WebSphere Application Server, IBM InfoSphere Information Server, SPSS Data Collection, Content Analytics/OmniFind, Content Collector, and related IEHS-integrated co...
Charybdis: Improper assumptions in the server handshake code may lead to a remote crash
Access vector: network Access complexity: low Authentication requirement: none Confidentiality impact: none Integrity impact: none Availability impact: complete CVSSv2 temporal score: 6.4 Exploitability: functional exploit exists Remediation level: official fix Report confidence: confirmed Summar...
Regarding the recent “mysql vulnerability” of some ideas with some related clutter code - vulnerability warning - the black bar safety net
Recently it seems, and WMI fate, always came across the WMI stuff. Then see the WMI just wanted to tap some knowledge, the right time not in vain. “Vulnerability” is what needless to say, everyone is clear. Here is a personal simple idea with some messy code, welcome to the discussion. First of al...
Code injection
Static code injection vulnerability in administration/install.php in YVS Image Gallery allows remote attackers to inject arbitrary PHP code into functions/dbconnect.php via unspecified vectors. NOTE: this is only a vulnerability when the administrator does not follow recommendations in the...
ThinkPhp web framework: arbitrary PHP code execution vulnerability
No description provided by source...
R2 1.65 Stack Overflow / Directory Traversal / Brute Forcing
Luigi Auriemma Application: R2 http://www.rabidhamster.org/R2/ Versions: = 1.65 Platforms: Windows Bugs: A stack overflow B directory traversal C PIN brute forcing Exploitation: remote Date: 09 Feb 2012 Author: Luigi Auriemma e-mail: [email protected] web: aluigi.org 1 Introduction 2 Bugs 3 Th...
Adobe Reader BMP Resource Signedness Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Adobe Reader X. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within 2d.x3d, which is...
Mad Pirates of the novel the thief GETshell vulnerabilities and fixes-vulnerability warning-the black bar safety net
Team:t00ls Author: Cond0r Silly than a vulnerability Must be turned on cache to use First look at the code book.php $kdcachedir = "./ cache"; if$kdbookcache=="ture"//cache must be turned on $lastflesh = @filemtime$kdcachedir."/ book$shuid.html"; // echo $lastflesh; if! fileexists"./...
ChaSen Buffer Overflow Vulnerability - Linux
ChaSen Software is prone to a buffer overflow vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2011-4222
Unspecified vulnerability in Investintech.com Able2Extract and Able2Extract Server allows remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted document...
WordPress oQey Headers plugin <= 0.3 SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress oQey Headers plugin <= 0.3 SQL Injection Vulnerability Date: 2011-08-26 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/oqey-headers.0.3.zip Version: 0.3 tested Note:...
videoDB 3.1.0 SQL Injection
DORK:allinurl:borrow.php?diskid= DORK:allintitle:videodb Vendor: http://www.videodb.net/blog/ $ ----------- | S3C0VERUN | & ------------@ along with this I was able in some sites to determine that you can overwrite the database contents and also if you look in the source you see their password the...