99 matches found
CVE-2018-13031
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...
CVE-2018-13031
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...
Cross site request forgery (csrf)
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...
CVE-2018-13031
DamiCMS CVE-2018-13031 affects versions 6.0.0 and 6.1.0 . The vulnerability is a Cross-Site Request Forgery (CSRF) on the endpoint admin.php?s=/Admin/doadd, allowing an attacker to add an administrator account. The root cause is insufficient CSRF protection on that admin action; the impact is the...
CVE-2018-13031
DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Vulnerability
Exploit for php platform in category web applications...
DAMICMS 6.0.0 Cross Site Request Forgery
history.pushState'', '', '/' a " /...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
DAMICMS 6.0.0 - Cross-Site Request Forgery Add Admin history.pushState'', '', '/'...
DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)
history.pushState'', '', '/'...
DamiCMS web/lib/action/apiaction.class.php the where parameter SQL injection
No description provided by source...
DamiCMS any control of voting number of votes-vulnerability warning-the black bar safety net
DamiCMS any control of voting number of votes Vote the key code is as follows. foreach$POST'vote' as $v vardump$v; $v = strreplace"\n","",$v; $s = explode"=",$v; vardump$s; $data'vote' = strreplace$v,$s0."=". intval$s1 + 1,$data'vote'; vardump$data; if$vote-where'id='. intval$POST'id'-save$data...
DamiCMS 2.2 /Web/Lib/Action/ApiAction.class.php SQL注入漏洞
/Web/Lib/Action/ApiAction.class.php$field =!empty$REQUEST'field'?injectcheck$REQUEST'field':''; $m=new Model$model,"",false; //如果使用了分页,缓存也不生效 if$page import"@.ORG.Page"; //这里改成你的Page类 $count=$m-where$where-count; $totalpage = ceil$count / $pagesize; $p = new Page$count,$pagesize; //如果使用了分页,num将不起...
DamiCMS v2.2 /index.php 代码执行漏洞
No description provided by source...
DamiCMS 任意控制投票票数
简要描述: DamiCMS 任意控制投票票数 详细说明: 投票的关键代码如下。 foreach$POST'vote' as $v vardump$v; $v = strreplace"\n","",$v; $s = explode"=",$v; vardump$s; $data'vote' = strreplace$v,$s0."=".intval$s1 + 1,$data'vote'; vardump$data; if$vote-where'id='.intval$POST'id'-save$data 传入的数据用等号分割,类似 选项1=3 会变成 array选项1,3,...
damicms绕过防xss规则盲打后台(v4.9)
简要描述: damicms绕过防xss规则盲打后台v4.9 详细说明: 前台留言的地方,使用了getclientip ,代码如下。 使用了 removexss 来做过滤,但是可以这样来绕过 之后就可以弹窗了 漏洞证明:...
DamiCMS 2.2 /Web/Lib/Action/MemberAction.class.php SQL注入漏洞
No description provided by source...
从ThinkPHP谈基于框架开发程序的安全性(从SQL注入到代码执行)
简要描述: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等最新版漏洞证明为例 详细说明: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等为例 之前在看ThinkPHP开发手册的时候看到这个: 字符串方式 字符串方式条件即以字符串的方式将条件作为 where 方法的参数,例子: $Dao = M"User"; $List = $Dao-where'uidfind; 实际执行的 SQL 为: SELECT FROM user WHERE uidwhere'role='.$role-find;...
大米CMS某处SQL盲注绕过防御
简要描述: 大米CMS某处SQL盲注 详细说明: 最新版大米CMS 文件/Web/Lib/Action/ArticleAction.class.php public function index if!isset$GET'aid' $this-error'非法操作'; injectcheck$GET'aid'; injectcheck$GET'p'; $aid = intval$GET'aid'; //读取数据库和缓存 obstart; //用于生成静态HTML $isbuild = C'ISBUILDHTML'; //允许参数 $allowparam =...
damicms存储xss导致getshell
简要描述: damicms存储xss导致getshell 详细说明: 1Xss Damicms使用了万恶的 getclientip 直接伪造ip,而且ip的字段是varchar50 够我xss了 然后: Ok 2xss导致getshell 由于后台 可以直接编辑文件,生成php马 那我们就用js来直接getshell Js如下: $.ajax "url": "http://192.168.153.132/dami/admin.php?s=/Tpl/Update", "type": "POST", "data":...