Lucene search
K

99 matches found

OSV
OSV
added 2018/07/05 8:29 p.m.4 views

CVE-2018-13031

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...

8.8CVSS5.8AI score0.01094EPSS
Exploits1References3
NVD
NVD
added 2018/07/05 8:29 p.m.24 views

CVE-2018-13031

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...

8.8CVSS8.7AI score0.01094EPSS
Exploits1References3
Prion
Prion
added 2018/07/05 8:29 p.m.13 views

Cross site request forgery (csrf)

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...

6.8CVSS8.6AI score0.01094EPSS
Exploits1References3Affected Software1
CVE
CVE
added 2018/07/05 8:0 p.m.48 views

CVE-2018-13031

DamiCMS CVE-2018-13031 affects versions 6.0.0 and 6.1.0 . The vulnerability is a Cross-Site Request Forgery (CSRF) on the endpoint admin.php?s=/Admin/doadd, allowing an attacker to add an administrator account. The root cause is insufficient CSRF protection on that admin action; the impact is the...

8.8CVSS8.6AI score0.01094EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2018/07/05 8:0 p.m.22 views

CVE-2018-13031

DamiCMS v6.0.0 aand 6.1.0 allows CSRF via admin.php?s=/Admin/doadd to add an administrator account...

8.7AI score0.01094EPSS
Exploits1References3
0day.today
0day.today
added 2018/07/03 12:0 a.m.40 views

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin) Vulnerability

Exploit for php platform in category web applications...

1.9AI score
Exploits0
Packet Storm
Packet Storm
added 2018/07/02 12:0 a.m.29 views

DAMICMS 6.0.0 Cross Site Request Forgery

history.pushState'', '', '/' a " /...

0.3AI score
Exploits0
exploitpack
exploitpack
added 2018/07/02 12:0 a.m.12 views

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

DAMICMS 6.0.0 - Cross-Site Request Forgery Add Admin history.pushState'', '', '/'...

0.2AI score
Exploits0
Exploit DB
Exploit DB
added 2018/07/02 12:0 a.m.23 views

DAMICMS 6.0.0 - Cross-Site Request Forgery (Add Admin)

history.pushState'', '', '/'...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2016/06/20 12:0 a.m.15 views

DamiCMS web/lib/action/apiaction.class.php the where parameter SQL injection

No description provided by source...

7.1AI score
Exploits0
myhack58
myhack58
added 2015/04/11 12:0 a.m.29 views

DamiCMS any control of voting number of votes-vulnerability warning-the black bar safety net

DamiCMS any control of voting number of votes Vote the key code is as follows. foreach$POST'vote' as $v vardump$v; $v = strreplace"\n","",$v; $s = explode"=",$v; vardump$s; $data'vote' = strreplace$v,$s0."=". intval$s1 + 1,$data'vote'; vardump$data; if$vote-where'id='. intval$POST'id'-save$data...

1.4AI score
Exploits0
seebug.org
seebug.org
added 2015/04/01 12:0 a.m.47 views

DamiCMS 2.2 /Web/Lib/Action/ApiAction.class.php SQL注入漏洞

/Web/Lib/Action/ApiAction.class.php$field =!empty$REQUEST'field'?injectcheck$REQUEST'field':''; $m=new Model$model,"",false; //如果使用了分页,缓存也不生效 if$page import"@.ORG.Page"; //这里改成你的Page类 $count=$m-where$where-count; $totalpage = ceil$count / $pagesize; $p = new Page$count,$pagesize; //如果使用了分页,num将不起...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/04/01 12:0 a.m.13 views

DamiCMS v2.2 /index.php 代码执行漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/10 12:0 a.m.22 views

DamiCMS 任意控制投票票数

简要描述: DamiCMS 任意控制投票票数 详细说明: 投票的关键代码如下。 foreach$POST'vote' as $v vardump$v; $v = strreplace"\n","",$v; $s = explode"=",$v; vardump$s; $data'vote' = strreplace$v,$s0."=".intval$s1 + 1,$data'vote'; vardump$data; if$vote-where'id='.intval$POST'id'-save$data 传入的数据用等号分割,类似 选项1=3 会变成 array选项1,3,...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2015/03/10 12:0 a.m.19 views

damicms绕过防xss规则盲打后台(v4.9)

简要描述: damicms绕过防xss规则盲打后台v4.9 详细说明: 前台留言的地方,使用了getclientip ,代码如下。 使用了 removexss 来做过滤,但是可以这样来绕过 之后就可以弹窗了 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/24 12:0 a.m.13 views

DamiCMS 2.2 /Web/Lib/Action/MemberAction.class.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/12/23 12:0 a.m.37 views

从ThinkPHP谈基于框架开发程序的安全性(从SQL注入到代码执行)

简要描述: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等最新版漏洞证明为例 详细说明: 从ThinkPHP谈基于框架开发程序的安全性,以ThinkPHP,ThinkSNS,大米CMS等为例 之前在看ThinkPHP开发手册的时候看到这个: 字符串方式 字符串方式条件即以字符串的方式将条件作为 where 方法的参数,例子: $Dao = M"User"; $List = $Dao-where'uidfind; 实际执行的 SQL 为: SELECT FROM user WHERE uidwhere'role='.$role-find;...

7.6AI score
Exploits0
seebug.org
seebug.org
added 2014/11/03 12:0 a.m.23 views

大米CMS某处SQL盲注绕过防御

简要描述: 大米CMS某处SQL盲注 详细说明: 最新版大米CMS 文件/Web/Lib/Action/ArticleAction.class.php public function index if!isset$GET'aid' $this-error'非法操作'; injectcheck$GET'aid'; injectcheck$GET'p'; $aid = intval$GET'aid'; //读取数据库和缓存 obstart; //用于生成静态HTML $isbuild = C'ISBUILDHTML'; //允许参数 $allowparam =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/01 12:0 a.m.32 views

damicms存储xss导致getshell

简要描述: damicms存储xss导致getshell 详细说明: 1Xss Damicms使用了万恶的 getclientip 直接伪造ip,而且ip的字段是varchar50 够我xss了 然后: Ok 2xss导致getshell 由于后台 可以直接编辑文件,生成php马 那我们就用js来直接getshell Js如下: $.ajax "url": "http://192.168.153.132/dami/admin.php?s=/Tpl/Update", "type": "POST", "data":...

7.1AI score
Exploits0
Rows per page
Query Builder