Lucene search

1300 matches found

Source: CNVD · added 2015/03/20 12:00 a.m. · 1 view

Joomla component 'com_youtube' SQL injection vulnerability

Joomla! is a content management system that is quite well known abroad. A SQL injection vulnerability exists in the Joomla component 'com_youtube', which allows attackers to exploit the vulnerability to access or modify data...

AI score: 8 · Exploits: 0 · References: 1
Source: seebug.org · added 2015/03/20 12:00 a.m. · 29 views

KingCms latest version (k9): view and modify all information of all users

Brief description: KingCms latest version (k9): view and modify all information of all users. Details: A friend's company wanted to buy a KingCms license and asked me to take a look. I found that KingCms had not been updated for a long time; after a while they released the latest version, k9, which I downloaded from the official site to study. I saw several vulnerabilities on WooYun, such as: WooYun: kingcms latest version SQL injection vulnerability. The privilege escalation here involves two aspects. 0x00: First, let's look at how to view all member information. The problem file is /api/conn.php: $get=$GET; ifempty$get'jsoncallback' exit'非法提交!'; $jsoncallback=$GET'jsoncallback';...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2015/02/13 12:00 a.m. · 50 views

ShopEx SQL injection at one location (sensitive information can be guessed)

Brief description: ShopEx SQL injection. Details: Let's analyze the code. ctl.cart.php: function updateCart$objType='g', $key='' $key = strreplace'@', '-', $key; $nQuantity = $POST'cartNum'$objType$key; switch$objType case 'f': $oCart-member'memberlvid' =$GLOBALS'runtime''memberlv'; $oCart-member'point' = $this-member'point'; break; cas...

AI score: 7.1 · Exploits: 0
Source: CNVD · added 2015/01/16 12:00 a.m. · 1 view

Multiple Input Validation Vulnerabilities in Gecko CMS

Gecko CMS is a content management system (CMS) based on PHP and MySQL. Gecko CMS suffers from SQL injection, cross-site scripting, and HTML injection vulnerabilities because it fails to adequately filter user-supplied input. Exploitation of these vulnerabilities allows attackers to perform...

CVSS: 6.8 · AI score: 8.1 · EPSS: 0.1711 · Exploits: 3 · References: 1
Source: seebug.org · added 2015/01/04 12:00 a.m. · 43 views

XYCMS site-building system SQL injection #3

Brief description: XYCMS site-building system SQL injection 3. Details: Different from the previous two (XYCMS site-building system SQL injection 1, XYCMS site-building system SQL injection 2), which were for the v1.9 system. This version is v2.5; what is submitted here is xycms-utf8-2.5. This has not been submitted on WooYun before! The point submitted here does not duplicate the earlier ones. Proof: casedetail.asp passes id directly into the database query without any filtering: id=request.QueryString"id" set rs=server.createobject"adodb.recordset" exec="select from xycase where id="& id rs.ope...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/12/31 12:00 a.m. · 77 views

XYCMS site-building system SQL injection #2

Brief description: XYCMS site-building system SQL injection 2. Details: Same as the first one (XYCMS site-building system SQL injection 1). This has not been submitted on WooYun before! This submission is not a duplicate. Proof: apart from fwxmdetail.asp, news.asp, teamdetail.asp and the others... jobdetail.asp passes id directly into the database query without any filtering: id=request.QueryString"id" set rs=server.createobject"adodb.recordset" exec="select from zpxx where id="& id rs.open exec,conn,1,1 if...

AI score: 7.2 · Exploits: 0
Source: seebug.org · added 2014/12/22 12:00 a.m. · 27 views

Hdwiki (20141205) has 7 SQL injection vulnerabilities (including previously improperly fixed ones)

Brief description: I saw there was an update, and a few old holes are still unfixed, so I'm putting them in here as well. Details: 0x01 In control/comment.php: function doreport $usernames=array; $id=intval$this-post'id' ? $this-post'id' : 0; $report=trimhtmlspecialcharsWIKICHARSET==GBK?string::hiconv$this-post'report':$this-post'report'; ifempty$id||empty$report $this-message-1,'',2;...

AI score: 7 · Exploits: 0
Source: Atlassian · added 2014/10/14 5:42 p.m. · 15 views

Adding Subscription Cal by URL stores user password unencrypted

NOTE: This bug report is for Confluence Cloud. Using Confluence Server? See the corresponding bug report: http://jira.atlassian.com/browse/CONFSERVER-48402. I discovered that calendar subscriptions not only store user credentials, but do so unencrypted!!! There is really...

AI score: 1.2 · Exploits: 0 · Affected Software: 1
Source: exploitpack · added 2014/09/08 12:00 a.m. · 38 views

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities

Mpay24 PrestaShop Payment Module 1.5 - Multiple Vulnerabilities. Mpay24 PrestaShop Payment Module Multiple Vulnerabilities · Affected Vendor: Mpay24 · Affected Software: Mpay24 Payment Module · Affected Version: 1.5 and earlier · Issue Type: SQL injection and information disclosure ·...

CVSS: 7.5 · AI score: 0.1 · EPSS: 0.12593 · Exploits: 6
Source: seebug.org · added 2014/07/11 12:00 a.m. · 21 views

Hdwiki latest version: one second-order injection

Brief description: On the Hdwiki official site I noticed the update date never changed. I assumed it had not been updated at all, but today I downloaded a copy to look at and found that the holes I reported earlier have all been patched. Not a blind injection; it returns data directly. PS: when the program is updated, the date should be updated too, otherwise people will keep assuming there has been no update. Details: In user/pms.php: function doblacklist ifisset$this-post'blacklist' $blacklist = htmlspecialcharsstring::stripscript$this-post'blacklist'; ifempty$blacklist $result =...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 13 views

Nuked-Klan 1.7 Sections Module artid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/15181/info Nuked Klan is prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These vulnerabilities...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 10 views

smbind <= 0.4.7 - SQL Injection Vulnerability

No description provided by source. smbind <= v.0.4.7 SQL Injection. Site: https://sourceforge.net/projects/smbind/files/ Reported on 28/08/2010. Author: IHTeam. Buggy code: ifisset$POST'username' && isset$POST'password' if!filteralphanum, $POST'username' or !filteralphanum, $POST'password' dieUsernam...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 20 views

LocazoList Classifieds 1.0 SearchDB.ASP Input Validation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/15812/info LocazoList Classifieds is prone to an input validation vulnerability that allows cross-site scripting and SQL injection attacks. An attacker may leverage this issue to have arbitrary script code executed in the...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 8 views

WebCalendar 0.9.x Multiple Module SQL Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/8540/info It has been reported that WebCalendar may be prone to multiple SQL injection issues in the viewt.php, vieww.php, viewv.php, and login.php modules of the software. The problems arise from a lack of sufficient...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 15 views

Mambo Open Source 4.5 Index.PHP SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9891/info It has been reported that the Mambo 'index.php' script is prone to an SQL injection vulnerability. This issue is due to a failure of the application to properly validate user supplied URI input. As a result of...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 12 views

Mambo Site Server 4.0.14 banners.php bid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/8647/info It has been reported that Mambo Open Source Server is prone to multiple input validation vulnerabilities that may allow remote attackers to inject malicious SQL syntax into database queries and send anonymous...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 19 views

LightNEasy Cms 3.2.1 - Blind SQL Injection Vulnerability

No description provided by source. Exploit Title: LightNEasy Cms 3.2.1 Blind SQL Injection Vulnerability Date: 20.09.2010 Author: Stephan Sattler // Solidmedia.de Software Website: http://www.lightneasy.org/ Software Link: http://www.lightneasy.org/addons/downloads/send.php?dlid=127 Version: 3.2....

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 12 views

YABB SE 1.x SSI.PHP ID_MEMBER SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9449/info A problem with YaBB SE could make it possible for a remote user to launch SQL injection attacks. It has been reported that a problem exists in the SSI.php script distributed as part of YaBB SE. Due to insufficient...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/07/01 12:00 a.m. · 9 views

NetSupport DNA HelpDesk 1.0 Problist Script SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10772/info An SQL injection vulnerability is identified in the application that may allow attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks. This...

AI score: 7.1 · Exploits: 0
Source: seebug.org · added 2014/06/24 12:00 a.m. · 20 views

DESTOON SQL injection vulnerability at one location (exploitation is of limited use for certain reasons)

Brief description: Injection; the previously submitted vulnerability and this one are the same issue. Details: ajax/tipword.inc.php: if!$word || strlen$word 30 exit; $word = strreplacearray' ','', "'", array'%', '%', '', $word; Only 30 characters are allowed, so it's of limited use! tag"moduleid=$mid&table=keyword&condition=moduleid=$mid and keyword like '%$word%'&pagesize=10&order=totalsearch...

AI score: 7 · Exploits: 0