2118 matches found
WebLogic simple catch the chicken law-vulnerability and early warning-the black bar safety net
This article was published in the Hacker X-Files magazine, issue 11 of 2008, and afterwards by the author on the blog; if you reproduce it, please retain this information! Tomcat is estimated to have brought many people N "meat chicken" servers: directly scan weak passwords, into t...
XPSHOP Shopping Mall system Cookies spoofing vulnerability-vulnerability warning-the black bar safety net
Article author: 121711090. Information source: Evil Octal Information Security Team (www.eviloctal.com). Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator...
XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net
XPSHOP Shopping Mall system vulnerabilities Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator password!! A little bit wicked!!!... But for the sake of our networ...
Discuz! admin\runwizard.inc.php get-webshell bug
Because the file-write operation in saverunwizardhistory in Discuz!'s admin\runwizard.inc.php is unrestricted, it leads to a code execution vulnerability. The code in admin\runwizard.inc.php: $runwizardhistory = array(); $runwizardfile = DISCUZROOT.'./forumdata/logs/runwizardlog.php'; if($fp = @fopen($runwizardfile, 'r')) $runwizardhistory = @unserialize(fread($fp, 99999)); fclose($fp);...
PHP168 whole Station system of 0DAY-vulnerability warning-the black bar safety net
The first description under this hole is in the other places to see, just he did not say very clearly, a lot of the vegetable dishes are Do not understand, I take it I first posted it in! This hole is actually the use of the program coding vulnerabilities, download the configuration and the login...
Webshell under to crack computer administrator password-vulnerability warning-the black bar safety net
Information source: Evil Octal Information Security Team (www.eviloctal.com). This idea was inspired by an earlier study of the runas command. Method of use: 1. Rename your password dictionary to psw.txt and upload it to an executable, writable directory on the target server. It is...
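Xiaoxiang Online (潇湘在线) Public Diary V1.0 & V2.0: database path disclosure vulnerability
For example, given http://www.target.com/diary/default.asp, if we submit http://www.target.com/diary%5cdefault.asp we can see the physical path of the database! However, the administrator password is not stored in the database, so this vulnerability is basically of little use; but if someone has changed the database to a file with an ASP or ASA suffix, a WEBSHELL can be written into it. Affected: V1.0 & V2.0. Fix: add error-handling code to the database connection file....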
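My Power (自由动力) 3.6 sp2 injection vulnerability
Details: several files in My Power 3.6 sp2 do not filter input strictly and have injection vulnerabilities. The following files are all at risk of injection: ArticleClass.ASP PhotoClass.asp SoftClass.asp UserInfo.ASP. Affected: 3.6 sp2 / free versions below Easypower4.0. Download the latest official patch from http://www.asp163.net. Easily injected using the cracked version of NBSI: http://www.target.com/UserInfo.asp?UserID=1 Note: fill in id as the signature string and it can be cracked. For the other files, the key is finding the signature string, after which they can be injected....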
The latest Discuz! NT 2.5 vulnerability to report! - Vulnerability warning-the black bar safety net
Title: the latest Discuz! NT 2.5 vulnerability to report! Author: hackest H. S. T. This article was published in the Hacker X-Files magazine, issue 10 of 2008, and afterwards by the author on the blog; if you reproduce it, please retain this information! Summer, passion in August,...
CVE-2008-4448
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions...
CVE-2008-4447
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo...
Cross site scripting
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo...
CVE-2008-4447
CVE-2008-4447 is a documented XSS vulnerability in Positive Software H-Sphere WebShell 4.3.10, exploitable via (1) fn in dload, (2) mask in search, or (3) tab in sysinfo within actions.php. The connected sources confirm the affected product/version and the vulnerable parameters, establishing a cr...
CVE-2008-4448
CVE-2008-4448 describes a CSRF vulnerability in actions.php of Positive Software H-Sphere WebShell 4.3.10. An attacker can induce an admin to perform unauthorized actions by visiting a crafted link or IMG tag targeting (1) overkill, (2) futils, or (3) edit actions, effectively enabling file delet...
H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities
H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...
H-Sphere WebShell 4.3.10 - 'actions.php' Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting...
Analysis of the storm database vulnerability principle and the law-vulnerability and early warning-the black bar safety net
My view of the principle and rules of the storm library vulnerability: SQL injection has been popular for a long time. Our purpose in looking for injection vulnerabilities is nothing but to get the contents of the database, such as usernames, passwords, etc.; further, with an MSSQL database you can also use this to get permission...
Founder of the Desai paper authorization submission system vulnerabilities-vulnerability warning-the black bar safety net
Founder of the Desai paper authorization submission system Its description: http://baike.baidu.com/view/785813.htm That is a forum upload system. Many universities are using this system. In the following we will use the system vulnerabilities to invade Peking University. This exploits the basic...
webshell upload asp file called Server ActiveX control overflow access shell-vulnerability warning-the black bar safety net
When doing Windows system penetration testing, having a webshell but being unable to get a shell to elevate privileges is a very depressing thing. In general, the use of mdb jet engine overflow is more common, but sometimes depending on the server installed on third-party software, the use...