21 matches found
EUVD-2007-6543
Malware in sbrugna...
Exploit for Path Traversal in Codiad
Exploit-Framework Exploits: |Vendor|Vulnerability|Affected Version|Description|Author| |:-:|:-:|:-:|:-:|:-:| |zblog|NOTCVE| https://github.com/WangYihang/Exploit-Framework/wiki Contribution: 1. Guidance of writing exploit module TODO: - Parse strings - Deep modularization - Context stack maintenance - Logging - Auto-completion - Exploit search - Wiki -...
Exploit for Path Traversal in Codiad
Exploit-Framework Exploits: |Vendor|Vulnerability|Affected Version|Description|Author| |:-:|:-:|:-:|:-:|:-:| |zblog|NOTCVE| https://github.com/WangYihang/Exploit-Framework/wiki Contribution: 1. Guidance of writing exploit module TODO: - Parse strings - Deep modularization - Context stack maintenance - Logging - Auto-completion - Exploit search - Wiki -...
Exploit for Path Traversal in Codiad
Exploit-Framework Exploits: |Vendor|Vulnerability|Affected Version|Description|Author| |:-:|:-:|:-:|:-:|:-:| |zblog|NOTCVE| https://github.com/WangYihang/Exploit-Framework/wiki Contribution: 1. Guidance of writing exploit module TODO: - Parse strings - Deep modularization - Context stack maintenance - Logging - Auto-completion - Exploit search - Wiki -...
File upload vulnerability in zblogphp 1.5.1
Z-Blog is an open source program based on Asp and PHP platforms. Z-Blog has a file upload vulnerability that can be exploited by an attacker to gain control of the web server...
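Zblog 2.0 /zb_install/index.php Local File Inclusion Vulnerability
The problem is in zb_install/index.php: $zbloglang=&$zbp->option['ZCBLOGLANGUAGEPACK']; // first, zbloglang is defined. if(isset($_POST['zbloglang']))$zbloglang=$_POST['zbloglang']; // if it is set in the POST data, the POSTed value is used for this variable. Because zblog prevents SQL injection by not using string concatenation in its query functions, they do not escape POST data either. That leaves fewer injections, but it also causes the vulnerability here. $zbp->LoadLanguage('system','',$zbloglang); // follow it through...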
File Inclusion Vulnerability in Zblog
Zblog is a blog (weblog) program based on the ASP platform. Zblog has a file inclusion vulnerability: zb_install/index.php does not escape POST data, and an attacker can truncate the .php that follows...
zBlog 1.2 - Remote SQL Injection Vulnerability
No description provided by source. zBlog v1.2 Remote SQL Injection Exploit AUTHOR : H-T Team HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : zBlog Version : 1.2 Site : http://kaxz01.free.fr/ Download : http://kaxz01.free.fr/fichiers/zBlog.zip EXPLOITS : 1...
zblog 1.8 latest cross-site XSS vulnerability and repair method - vulnerability warning - the black bar safety net
Publishing author: Clouder Affected versions: zblog 1.8 Official website: http://www.rainbowsoft.org/ Vulnerability type: cross-site Vulnerability file: cmd.asp Vulnerability address: http://blog.rainbowsoft.org/cmd.asp?act=gettburl&id=1 0"iframe%20src=http://www. waitalone. cn%2 0/iframe Brie...
zblog latest XSS - vulnerability warning - the black bar safety net
The code is as follows: <div class="post-body formattext"><script>alert(/test/)</script> please visit later</div> Incidentally, also found that passing an attachment through the background with the IIS parsing vulnerability for pictures can directly get the shell. ···...
Advanced xss pass to kill zblog all versions-bug warning-the black bar safety net
Xssthe advanced use of Author:van Blog:www. ghostvan. cn Test environment-Vmware , z-blog1. 8 Affect the version of the pass to kill Passive attacks zblog XSS the latest available. For original,bleeding,looked at it,a few months,haven't patch,the official also have this hole. Our next new version...
Sql injection
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action...
CVE-2007-6577
Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action...
CVE-2007-6577
CVE-2007-6577 affects zBlog 1.2, with multiple SQL injection vulnerabilities in index.php. The flaws allow remote attackers to manipulate the database via the categ action (categ parameter) or the articles action (article parameter). Root cause is improper handling/sanitization of user input in i...
CVE-2007-6577
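Multiple SQL injection vulnerabilities in index.php in zBlog 1.2 allow remote attackers to execute arbitrary SQL commands via (1) the categ parameter in a categ action or (2) the article parameter in an articles action...
zBlog 'index.php' SQL Injection Vulnerability
BUGTRAQ ID: 26994 CNCAN ID:CNCAN-2007122415 zBlog is a PHP-based web application. zBlog does not properly filter user-submitted URI data; remote attackers can exploit the vulnerability to perform SQL injection attacks and obtain sensitive information or manipulate the database. The problem is that the 'index.php' script lacks sufficient filtering when handling user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and obtain sensitive information or manipulate the database. z'Suite zBlog 1.2 No solution is currently available: http://kaxz01.free.fr/...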
zblog-sql.txt
zBlog v1.2 Remote SQL Injection Exploit AUTHOR : H-T Team HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : zBlog Version : 1.2 Site : http://kaxz01.free.fr/ Download : http://kaxz01.free.fr/fichiers/zBlog.zip EXPLOITS : 1...
zBlog 1.2 Remote SQL Injection Vulnerability
No description provided by source. zBlog v1.2 Remote SQL Injection Exploit AUTHOR : H-T Team HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : zBlog Version : 1.2 Site : http://kaxz01.free.fr/ Download : http://kaxz01.free.fr/fichiers/zBlog.zip EXPLOITS : 1...
zBlog 1.2 - SQL Injection
zBlog v1.2 Remote SQL Injection Exploit AUTHOR : H-T Team HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : zBlog Version : 1.2 Site : http://kaxz01.free.fr/ Download : http://kaxz01.free.fr/fichiers/zBlog.zip EXPLOITS : 1...
zBlog 1.2 - SQL Injection
zBlog 1.2 - SQL Injection zBlog v1.2 Remote SQL Injection Exploit AUTHOR : H-T Team HouSSamix ToXiC350 CoNaN HOME : http://no-hack.net Script : zBlog Version : 1.2 Site : http://kaxz01.free.fr/ Download : http://kaxz01.free.fr/fichiers/zBlog.zip EXPLOITS : 1...