1695 matches found
Weave a dream(Dedecms)arbitrary code execution vulnerability-vulnerability warning-the black bar safety net
Vulnerability page is \include\incbookfunctions.php The trigger page is member/storyaddcontentaction.php Next is open the following address: http://www.xxx.com/member/storyaddcontentaction.php?chapterid=1&arcID=1&body=?& gt; Followed by the word code. When you see the successful message indicates...
DEDECMS跨站及爆绝对路径漏洞
泄露绝对路径漏洞 member/company.php member/job.php 然后是跨站,这个得YY一下: 漏洞文件:include/jump.php 以下是漏洞代码: ?php if!empty$GET'gurl' echo "scriptlocation="$GET'gurl'";/script"; ? DEDECMS 5 暂无 http://www.dedecms.com 提交:http://127.0.0.1/dc/include/jump.php?gurl=http://00day.cn 会跳转到http://00day.cn...
dedecms v5. 1 vulnerability-the vulnerability warning-the black bar safety net
\include\incbookfunctions.php --------------------------------------------------- ...... function WriteBookText$cid,$body span id="more-1 9 4 4"/span global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath."/ data/textdata"; $tpath = ceil$cid/5 0 0 0; if! isdir$cfgbasedir.$ ipath...
Multiple Cross-Site Scripting Vulnerabilities in DedeCms v5.x
No description provided by source. .: Multiple Cross-Site Scripting Vulnerabilities in DedeCms v5.x .: Author Depo2 - TpTLabs.com .: Affected versions http://www.dedecms.com/ - DedeCms v5.x .: Credit The disclosure of these issues has been credited to Depo2 .: Classification Attack Type: Input...
织梦(dedecms)2007 group/search.php注入漏洞
group/search.php ................................................................................................ ifempty$sad $sad = "t"; ifempty$keyword ShowMsg"错误,请输入搜索关键字!","-1"; exit; if$sad=="g" $searchtable = "@groups"; $WhereSql = "WHERE ishidden=0 AND groupname like '%".$keyword."%'";...
DedeCms V5.1 tag.php注入漏洞
Dedecms算是使用比较广泛的PHP整站系统了,在被使用的同时系统的安全性也被人们关注 目录下的tag.php文件对变量$tag处理不当,导致注入漏洞的形成 因为可以使用“'”,所以如果条件可以的话可以直接into file得SHELL。 DedeCms V5.1 sp1 暂无 www.dedecms.com http://www.sebug.net/bbs/thread-332-1-1.html...
DedeCms V5 orderby参数注射漏洞
DedeCms由2004年到现在,已经经历了五个版本,从DedeCms V2 开始,DedeCms开发了自己的模板引擎,使用XML名字空间风格的模板,对美工制作的直观性提供了极大的便利,从V2.1开始,DedeCms人气急却上升,成为国内最流行的CMS软件,在DedeCms V3版本中,开始引入了模型的概念,从而摆脱里传统网站内容管理对模块太分散,管理不集中的缺点,但随着时间的发展,发现纯粹用模型化并不能满足用户的需求,从而DedeCms 2007(DedeCms...
Dedecms V5可执行文件上传漏洞
这是一个比较有意思的东西,但是成功利用起来并不容易,呵呵。 首先看configrglobals.php文件,摘的一段代码如下。这里作者本意是为了帮我们注册变量的,但是他却疏忽了我们不但能注册变量,还能覆盖一些变量。configrglobalsmagic.php也有同样的问题 ………………………………………………………………………… ifisarray$GET foreach$GET AS $key = $value $$key = $value; //可以覆盖任意变量 ………… …………………………………………………………………………...
dedecms v5. 1 WriteBookText() code injection vul-vulnerability warning-the black bar safety net
Source: Ph4nt0m Google Group by [email protected] QQ:3 7 8 3 6 7 9 4 2 \include\incbookfunctions.php --------------------------------------------------- ...... function WriteBookText$cid,$body span id="more-1 9 4 4"/span global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath."/ data/textdata"; $tpath ...
Teach the rookie to play DedeCms V4. 0 injection vulnerability-vulnerability warning-the black bar safety net
Author: hackest H. S. T This article has been published in the hacker X-Files for 2 0 0 8 years No. 4 magazine After the author published on the blog, such as reproduced please retain this information! DedeCms i.e. woven dream content management system, and its latest version has been released to...
dedecms v5.1 WriteBookText() code injection vul
\\include\\incbookfunctions.php --------------------------------------------------- …… function WriteBookText$cid,$body global $cfgcmspath,$cfgbasedir; $ipath = $cfgcmspath.\"/data/textdata\"; $tpath = ceil$cid/5000; if!isdir$cfgbasedir.$ipath...
dedecms v5. 1 WriteBookText() code injection vul-vulnerability warning-the black bar safety net
Source: Ph4nt0m Google Group by [email protected] QQ:3 7 8 3 6 7 9 4 2 1. \include\incbookfunctions.php 2. --------------------------------------------------- 3. ...... 4. function WriteBookText$cid,$body 5. span id="more-1 9 4 4"/span 6. global $cfgcmspath,$cfgbasedir; 7. $ipath = $cfgcmspath."/...
DeDeCMS V5 用户验证函数转义符漏洞
在include\incuserlogin.php文件中,checkUser函数对过滤处理不当,导致可以注入转义符,致使系统数据库语句出错。。。 $this-userName = eregreplace"^0-9a-zA-Z@!.-","",$username; ,是不是代码编写人员忘记了,在引号内,转义符只能转义单引号和斜杠 :-P,这样,在变量username中输入一个单引号,变成',然后过滤'留下,导致数据库语句执行出错。 DeDeCMS V5、DeDeCMS 2007 去掉代码中的斜杠,语句改为:$this-userName =...
Woven dream content management system(DEDECMS 3.the X+4. X upload vulnerability-vulnerability warning-the black bar safety net
Ghost boy note:accurate to say should be DEDECMS used in the php version of FCKeditor there upload vulnerability, the gif89a file header to cheat, did not expect the php version of FCKeditor, even the existence of such a vulnerability, the gif89a file header spoofing is not fresh things. Sources ...
织梦(Dedecms)内容管理系统漏洞
织梦内容管理系统DedeCms 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用户最多的PHP类CMS系统,在经历了二年多的发展,目前的版本无论在功能,还是是易用性方面,都有了长足的发展,DedeCms免费版的主要目标用户锁定在个人站长,功能更专注于个人网站或中小型门户的构建,当然也不泛有企业用户和学校等在使用本系统,据不完全统计,目前正在运行的使用DedeCms开发的网站已经超过一万个。 文件上传时,文件自命名名没过滤 “.” ,导致附件允许用 php 文件名 Dedecms 3.1...