9 matches found
CVE-2024-3537
A vulnerability was found in Campcodes Church Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/adminuser.php. The manipulation of the argument firstname leads to sql injection. The attack may be initiated remotely. The exploit has bee...
CVE-2022-38358
Improper neutralization of input during web page generation leaves the Eyes of Network web application vulnerable to cross-site scripting attacks at /module/adminnotifiers/rules.php and /module/reportevent/indext.php via the parameters rulenotification, rulename, and rulenameold, and at...
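XYCMS Fitness Club Site-Building System v1.1 jsxm_detail.asp id parameter SQL injection vulnerability
0x01 Vulnerability overview: The XYCMS fitness club site-building system uses an asp+access architecture. Version v1.1 does not adequately filter the id parameter at /jsxmdetail.asp, which results in a SQL injection vulnerability. 0x02 Vulnerability details: By default the system has an administrator data table adminuser, which contains the administrator name field admin and the MD5-hashed password field password; a remote attacker can use a union-based approach to obtain sensitive information, log in to the admin back end, and upload a shell. 0x03 Fix: Filtering....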
XYCMS injection vulnerability 0day and fix-vulnerability warning-the black bar safety net
/common.asp?id=1 6 Injection vulnerability, there is a lot of anti-injection system, how to breakthrough and I don't say that! Table segments by default adminuser field default is admin password The default background h/admin/ Take the shell method eweb5.5 The use of vulnerability must be with...
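ecshop default database account information leads to website information disclosure
Brief description: During a default installation of ecshop, the installer adds two administrator accounts. Although these administrator accounts have no operation permissions, the site's order data can still be viewed through them. Detailed description: During a default installation of ecshop, the installer adds two administrator accounts. Although these administrator accounts have no operation permissions, the site's order data can still be viewed through them. This is a screenshot of the adminuser table. Proof of vulnerability: Pick any ecshop website, open the admin back end, and log in with username: bjgonghuo1 password: bjgonghuo1. Or use username: shgonghuo password: shgonghuo http://www.lefei.com/admin/...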
gpEasy 1.6.1 - Cross-Site Request Forgery (Add Admin)
============================================= gpEasy Date : 04-29-2010 Site : http://www.giudinvx.altervista.org/ Location : Naples, Italy -------------------------------------------------------- Application Info Site : http://www.gpeasy.com/ Version: 1.6.1...
PHPDirector Game Edition 0.1 - Local File Inclusion SQL Injection Cross-Site Scripting
Exploit Title: PHPDirector Game Edition Multiple Vulnerabilities LFI/SQLi/Xss Date: 2010-01-05 Author: Zer0 Thunder Site : http://www.play-online.bzh.be/forum/ Version: v0.1 Tested on: Windows XP sp2 WampServer...
The end of the novel System User validation vulnerability-vulnerability warning-the black bar safety net
Vulnerability file: session.asp Program code: if request.cookies"CnendWeb""admininfologinname""" and request.cookies"CnendWeb""admininfologname""" then set rs=server.createobject"adodb.recordset" sql="select from adminuser where username='"&request.cookies"CnendWeb""admininfologname"&"'"...
nucommunity-10.txt
From:Filistin,Lubnan,IraQ,Turkey !/usr/bin/perl Script Name: NuCommunity 1.0 clCatListing.asp Remote SQL Injection Exploit Coded by : ajann Author : ajann Contact : : use IO::Socket; if@ARGV newProto = "tcp", PeerAddr = "$server", PeerPort = "$port" || die "\n+ Connection failed...\n"; print...