ShopEX官方网站及旗下ECSHOP官方网站高危漏洞

简要描述： 域名反查www.shopexdrp.cn，发现ShopEX官方子网站、及ecshop官方网站等都在同一台服务器上，其中www.shopexdrp.cn使用dedecms，利用该CMS注入漏洞，可拿到webshell，同服务上的众多官方子网站及旗下网站被控制。 详细说明： 利用dedecms sql注入漏洞：...

[JSQL v0.3] Java Tool for Automatic Database Injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.2 features: GET, POST, header, cookie methods normal, error based, blind, time based algorithms automatic...

AirDrive HD 1.6 Shell Upload

Title: ====== AirDrive HD 1.6 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=865 VL-ID: ===== 865 Common Vulnerability Scoring System: ==================================== 6.3 Introduction: =============...

AirDrive HD 1.6 iPad iPhone - Multiple Vulnerabilities

Title: ====== AirDrive HD 1.6 iPad iPhone - Multiple Web Vulnerabilities Date: ===== 2013-02-24 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=865 VL-ID: ===== 865 Common Vulnerability Scoring System: ==================================== 6.3 Introduction: =============...

Check the shell to find the new hidden Trojan horse ideas-vulnerability warning-the black bar safety net

Help a friend search webshell small mind Today a friend said his station has an exception, asked me to look at, the Qi of the whole Station. Checked under the webshell, find a 2 bar. Where there is a possession much more wonderful, at least I haven't seen the way, ignorant of it, unfortunately...

SiteServer CMS UserCenter/login. aspx page the user name at sql injection-vulnerability warning-the black bar safety net

After testing spike the latest of the 3. Version 5 stieserver official website:www. siteserver. cn EXP: Direct access to the UserCenter/login. aspx The username at the input: 1 2 3'insert into bairongAdministratorUserName,Password,PasswordFormat,PasswordSalt...

DEXTUpload filter is not strict lead to any uploaded file for the webshell permissions-bug warning-the black bar safety net

DEXTUpload filter is not strict lead to any uploaded file for the webshell permissions Detailed description: ! The first option one can upload the gif image,properly uploaded,spying on function of whether you can complete the upload ! Upload it,don't know pass? So I just upload when the time to r...

SiteServer CMS 3.5 background upload WEBSHELL-vulnerability warning-the black bar safety net

Version number: SiteServer CMS 3.5 Background,Upload a single GIF format Trojan. Then,through the site, file management,modify the file name,you can modify the picture Trojan horse in the format . aspx Version number: SiteServer CMS 3.5 http://demo2.siteserver.cn/siteserver/login.aspx Account:...

8 ways siteserver background getwebshell and safety recommendations-vulnerability warning-the black bar safety net

First: stencil management to directly modify the file source code can be obtained webshell Second: editor vulnerability http://demo2.siteserver.cn/siteserver/TextEditor/fckeditor/ can get webshell Third: stencil add actually have add asp to the aspx file the template in webshell Fourth: the page...

SiteServer CMS 0Day-vulnerability warning-the black bar safety net

After testing spike the latest of the 3. Version 5 stieserver official website:www. siteserver. cn EXP: Direct access to the UserCenter/login. aspx The username at the input: 1 2 3'insert into bairongAdministratorUserName,Password,PasswordFormat,PasswordSalt...

Secret phpwebshell in the backdoor-vulnerability warning-the black bar safety net

Only will this document give to others the webshell to make a contribution to the classmates. Take down a website, after, Of course, pass webshll, mention right. But some people will be in webshell insert small piece of code, so that your hard-won webshell address and password, and so on will be...

kingcms 5.0 vulnerability-a vulnerability warning-the black bar safety net

To 1. kingcms 5.0 fckeditor the default path in the admin/system/editor/FCKeditor/editor/fckeditor.Html The local horse named for the hx. asp;jpg watch jpg the front there is no point.. OK..actually later do stations combined fckeditor this editor..plus the best verification..only management can...

Feindura CMS v2.0.4 <= (thumbnail) File Upload Vulnerability

The Bug is 0day on Feindura CMS v2.0.4 when use Thumbnail to upload images attacker can upload remote and big file/webShell 100mb .gif to the target . Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 + Site : 1337day.com 0 1 + Support e-mail : submitat1337day.com...

The latest FCKEditor ASP upload bypass vulnerability-vulnerability warning-the black bar safety net

exploiut-db: FCKEditor ASP Version 2.6.8 File Upload Protection Bypass - Title: FCKEditor 2.6.8 ASP Version File Upload Protection bypass - Credit goes to: Mostafa Azizi, Soroush Dalili - Link:http://sourceforge. net/projects/fckeditor/files/FCKeditor/ - Description: There is no validation on...

Mysql provide the right to exploit the expanded applications-vulnerability warning-the black bar safety net

This: MySQL Windows Remote System Level Exploit Stuxnet technique 0day http://www.exploit-db.com/exploits/23083/ Roughly looked at, the original is in the export file when the out of the question, specifically how out of the question, showing look at the mysql source code than I can see to...

The South data website management system injection vulnerabilities&background get WebShell-vulnerability warning-the black bar safety net

/Databases/0791idc. mdb 1. Injection point:newssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9 from admin where 1 or '%'='&otype=title&Submit=%CB%D1%CB%F7 It may beanother versionnewssearch. asp? key=7%' union select 0,username%2BCHR1 2...

SHOPEX 4.8.5后台任意上传获取webshell

简要描述： SHOPEX 4.8.5后台任意上传获取webshell，藏了很久了 发了吧 详细说明： SHOPEX 4.8.5后台任意上传获取webshell，本地构造GIF89欺骗头文件一句话木马，上传并替换plugins下的PHP文件原文件自动备份，导致获取WEBSHELL 漏洞证明：...

IDIC Blogs Shell Upload Vulnerability

IDIC Blogs suffers from a remote shell upload vulnerability. '/ -.- --------------------oOO------OOo---------------------- | IDIC Blogs Arbitrary File Upload Vulnerability | --------------------------------------------------------- ! Discovered: cr4wl3r ! Site: http://0xuht.org ! Download:...

IDIC Blogs Shell Upload

'/ -.- --------------------oOO------OOo---------------------- | IDIC Blogs Arbitrary File Upload Vulnerability | --------------------------------------------------------- ! Discovered: cr4wl3r ! Site: http://0xuht.org ! Download: http://sourceforge.net/projects/idicblogs/files/ ! Version: - !...

AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities

Document Title: =============== AWAuctionScript CMS v1.x - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=741 Release Date: ============= 2012-11-04 Vulnerability Laboratory ID VL-ID: ==================================== 741...