Lucene search
K

145 matches found

seebug.org
seebug.org
added 2009/02/04 12:0 a.m.18 views

Power System Of Article Management (DD/XSS) Vulnerabilities

No description provided by source. --------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

7.1AI score
Exploits0
0day.today
0day.today
added 2009/02/04 12:0 a.m.15 views

Power System Of Article Management (DD/XSS) Vulnerabilities

Exploit for unknown platform in category web applications =========================================================== Power System Of Article Management DD/XSS Vulnerabilities =========================================================== ---------------------------------------------------------...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2009/02/04 12:0 a.m.33 views

Power System Of Article Management 3.0 - File Disclosure / Cross-Site Scripting

--------------------------------------------------------- Portal Name: Power System Of Article Management Version : 3.0 Author : PouyaServer , [email protected] Vulnerability : DD/XSS --------------------------------------------------------- DD:...

7AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.24 views

动力(My Power)系统Announce.asp文件SQL注射漏洞

MY动力系统中的Announce.asp文件存在着SQL注入漏洞,使得有经验的攻击者可通过SQL注入来获得管理员密码(被MD5加密过的)等一切他想要的资料。但不能进行删除数据等操作。但这已经相当危险了,与数据库被下载同样危险。 漏洞原因: 引起此漏洞的代码为Announce.asp中的第10、11行: ChannelID=Trimrequest ChannelID sqlAnnounce= select from Announce where IsSelected=1 and ChannelID=0 or ChannelID= & ChannelID &...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2008/10/25 12:0 a.m.46 views

动力(My Power)暴库漏洞

直接输入动力系统的conn.asp的地址,如“http://www.asp163.net/inc/conn.asp”,在脚本错误提示中会暴露出数据库的真实地址及文件名,从而可以下载数据库。 动力My Power3.5XACCESS/SQL版 第一步,将数据库的扩展名改为“.asp”或“.asa”,我们已经在数据库中做了防下载处理。改名后,即使有人知道了数据库的真实地址及文件名,也下载不了。 第二步,修改conn.asp及connuser.asp中第5行的数据库地址,将原来使用的相对地址改为使用绝对地址。如:原来这一行内容是:db=...

7.1AI score
Exploits0
Rows per page
Query Builder