Lucene search
K

274 matches found

seebug.org
seebug.org
added 2014/07/08 12:0 a.m.125 views

MacCMS v8 /inc/api.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/11 12:0 a.m.16 views

MacCMS 8 /inc_ajax.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/28 12:0 a.m.23 views

Maccms 最新注入一枚。

简要描述: 看到maccms又更新了 果断下来看看。 本来可以Sql的地方还挺多。。 但是由于自带的360防注入脚本。。我没办法绕过。 还是找到了一处, 如果没这防注入的话可以直接利用这注入登录后台。。 可是。。 老老实实盲注把。 详细说明: maccms 基本上都是调用be函数来代替$POST之类的。 都做了addslashes。 在admin/adminconn.php中 function chkLogin global $db; $mid = getCookie'adminid'; $mname = getCookie'adminname'; $mcheck =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/27 12:0 a.m.525 views

Maccms V8 后台Getshell #2(绕过过滤)

简要描述: 现在 V8版本 基本全部文件都有zend加密了。 而且还有360safe3.php保护 刚开始以为没搞头的,结果有个妹子发来微信。 妹子:在干嘛? 我:挖洞 妹子:一个人挖? 我:对啊! 妹子:我过去陪你一起挖吧! 我马上关机。擦,想跟老子抢乌云币?果断一个人作死开挖 详细说明: 注意下,这里@农村教师 WooYun: 苹果CMS全版本getshell打包第一弹 之前提交过类似的后台getshell,但是修补了。。。 不废话,直接可耻的绕过它 1. 目录浏览 maccms后台有个接口,但是限制了,只能访问目录template里的文件...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/05/27 12:0 a.m.19 views

Maccms V8 Sql Injection #1(有gpc限制)

简要描述: 现在 V8版本 基本全部文件都有zend加密了。 而且还有360safe3.php保护 刚开始以为没搞头的,结果有个妹子发来微信。 妹子:在干嘛? 我:挖洞 妹子:一个人挖? 我:对啊! 妹子:我过去陪你一起挖吧! 我马上关机。擦,想跟老子抢乌云币?果断一个人作死开挖 详细说明: 是cookie注入,有gpc限制,4处注入点 重现下发现过程 1. inc/common/function.php 直接获取cookie,未过滤 function getCookie$key if!isset$COOKIE$key return ''; else return $COOKIE$key...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/16 12:0 a.m.62 views

Maccms V8 注入两枚

简要描述: 过滤不严。无需单引号。同一文件。 详细说明: 在inc/user/alipay/alipayapi.php中 $outtradeno = $POST'WIDouttradeno';//可控 //商户网站订单系统中唯一订单号,必填 //订单名称 $subject = $POST'WIDsubject'; //必填 //付款金额 $price = $POST'WIDprice'; //必填 //商品数量 $quantity = "1"; //必填,建议默认为1,不改变值,把一次交易看成是一次下订单而非购买一件商品 //物流费用 $logisticsfee = "0.00";...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/16 12:0 a.m.72 views

Maccms V8 Sql Injection #2

简要描述: 现在 V8版本 基本全部文件都有zend加密了。 只有那么少数的几个文件没加密。。 我就看看那几个把。。 详细说明: 在inc/user/alipay/notifyurl.php中 $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyNotify; $verifyresult2 = $alipayNotify-verifyReturn; if$verifyresult //验证成功...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/02/11 12:0 a.m.40 views

macCMS full version through the kill SQL injection(including the latest 7. x)-vulnerability warning-the black bar safety net

The times for the official website the latest 7. 7 version of the maccms test, and before the 6. x injection there are some differences refactoring the code, and with the 3 6 0 give protection script Prior to binding of unclaimed legacy injection, you can achieve full version of injection...

7.5AI score
Exploits0
seebug.org
seebug.org
added 2014/01/13 12:0 a.m.16 views

MacCMS 全版本通杀SQL注射(包括最新7.x)

简要描述: 之前我发了个6.x的注射,没人认领,因此这次想找cncert了 本次针对官网最新7.7版本的maccms测试,和之前的6.x注射有一些差异(重构了代码,而且用了360给的防护脚本) 结合之前无人认领的旧版注射,可以达到全版本注射 危害不言而喻了吧 详细说明: /user/index.php line:615 function tg //推广功能,吐槽一下之前6.x版本用的英文popularize,这就变拼音了 global $db; $userid = be"get","uid"; $userid=chkSql$userid,true; //完全不可控 if...

7.1AI score
Exploits0
myhack58
myhack58
added 2014/01/03 12:0 a.m.17 views

MacCMS 6. x-referer improper handling of initiator injection-vulnerability warning-the black bar safety net

/user/service.php function Popularize global $db; $userid = safeData"userid","get"; if ! isNum$userid die"user illegal,please, from the new login!"; $Ip = getip; $Ly = $SERVER"HTTPREFERER"; $row = $db-getRow"select from tbluser where uid=" . $userid .""; if $row $sql="Select From tbluservisit whe...

0.2AI score
Exploits0
seebug.org
seebug.org
added 2013/10/03 12:0 a.m.12 views

MacCMS 6.x referer处理不当引发注射

简要描述: MacCMS 9月份新出7.x版本不受影响 因此这个漏洞成为历史漏洞了 不过还是发出来给大家一起讨论学习一下吧 详细说明: /user/service.php function Popularize global $db; $userid = safeData"userid","get"; if !isNum$userid die"用户非法,请从新登陆!"; $Ip = getip; $Ly = $SERVER"HTTPREFERER"; $row = $db-getRow"select from tbluser where uid=" . $userid .""; if...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/04/17 12:0 a.m.22 views

maccms stored xss analysis-vulnerability warning-the black bar safety net

Team:c0deplay gbk utf8 the latest version of storagexss analysis The problem plus/comment/index.php page Comments Add Features function add // Here can actually use wide characters sql injectiondidn't follow up $ccontent= iconv 'UTF-8', 'gb2312//IGNORE' , $ccontent; $cname =...

7.3AI score
Exploits0
myhack58
myhack58
added 2012/10/28 12:0 a.m.48 views

MACCMS PHP version break security dogs background get webshell-vulnerability warning-the black bar safety net

Yesterday run into, the recording process, nothing of the content, similar to articles sure, any resemblance is certainly no coincidence(language is not so good, everyone will see: the Conditions: 1, movie Station is maccms php version. 2, The server install a security Dog. 3, There is a backgrou...

7.3AI score
Exploits0
myhack58
myhack58
added 2012/03/13 12:0 a.m.15 views

maccms chicken-upload vulnerability and a fix-vulnerability warning-the black bar safety net

A small program, inadvertently see by the way it looked under ./ admin/editor/upload.php requireonce "../adminconn.php"; $action=be"get","action"; $ftypes=array'jpg','gif','bmp','png',". jpeg"; $upfileDir= "../". $SESSION"upfolder" . the "/" . getSavePicPath . "/"; $maxSize=1 0 0 0; if!...

0.6AI score
Exploits0
Rows per page
Query Builder