Lucene search

223 matches found

seebug.org
added 2013/07/08 12:0 a.m., 17 views

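Yonyou Chanjet Service Alliance 4S Store has a webshell uploaded (the shell has a weak password)

Brief description: see details. Detailed description: On the official website of Yonyou Chanjet Service Alliance 4S Store (Qitong Service), an aspx trojan was found during testing, and a weak password gets straight in: http://www.uftong.com/Admin/ManagerTestimony/ftb.image.aspx password admin --! Proof of vulnerability:...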

7.1 AI score
Exploits: 0
0day.today
added 2013/06/03 12:0 a.m., 279 views

Umbraco CMS 4.x Arbitrary aspx File Upload Vulnerability

Umbraco CMS version 4.x is vulnerable to a remote code execution vulnerability. An attacker can upload files via an unsecured web service located at /umbraco/webservices/codeEditorSave.asmx method SaveDLRScript. I created this exploit because in some audits the public exploit that juan vazquez...

7.9 AI score
Exploits: 0
exploitpack
added 2013/01/09 12:0 a.m., 9 views

Prizm Content Connect - Arbitrary File Upload

Prizm Content Connect - Arbitrary File Upload source: https://www.securityfocus.com/bid/57242/info Prizm Content Connect is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to upload arbitrary...

0.1 AI score
Exploits: 0
Exploit DB
added 2013/01/09 12:0 a.m., 17 views

Prizm Content Connect - Arbitrary File Upload

source: https://www.securityfocus.com/bid/57242/info Prizm Content Connect is prone to an arbitrary file-upload vulnerability because it fails to adequately validate files before uploading them. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can resul...

7 AI score
Exploits: 0
Packet Storm
added 2012/09/03 12:0 a.m., 40 views

EasyWeb SQL Injection

Exploit Title: easyweb SQLi Vulnerability Date: 09/03/2012 Author: Persia Security Group - Prince & mafia1990 Vendor Homepage: http://www.easy-web.it/ Version: All Version Google Dork: intext:"powered by easyweb" site:it Tested on: win 2003 & 2008 server , Vista , 7 & IIS 6.0, 7.0, 7.5...

0.2 AI score
Exploits: 0
Packet Storm
added 2012/09/02 12:0 a.m., 50 views

Douran Portal 3.9.8.25 SQL Injection

The last version of this portal, which is used by its own company, has an SQL Injection bug: http://www.douran.com/homepage.aspx?site=DouranPortal&tabid=1SQLi&lang=fa-IR Ver: DOURAN Portal V3.9.8.25 Exploit Title: Douran Portal SQLi Vulnerability Date: 08/31/2012 Author: Persia Security Group - Prince &...

0.3 AI score
Exploits: 0
Exploit DB
added 2012/07/09 12:0 a.m., 46 views

Umbraco CMS - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Umbraco CMS Remote Command Execution'...

7.4 AI score
Exploits: 0
Metasploit
added 2012/07/06 9:52 a.m., 48 views

Umbraco CMS Remote Command Execution

This module can be used to execute a payload on Umbraco CMS 4.7.0.378. The payload is uploaded as an ASPX script by sending a specially crafted SOAP request to codeEditorSave.asmx, which permits unauthorized file upload via the SaveDLRScript operation. SaveDLRScript is also subject to a path...

7.5 AI score
Exploits: 0
Packet Storm
added 2012/07/06 12:0 a.m., 31 views

Umbraco CMS Remote Command Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Umbraco CMS Remote Command Execution'...

0.3 AI score
Exploits: 0
seebug.org
added 2012/06/11 12:0 a.m., 15 views

Microsoft IIS 6.0/7.5 Multiple Vulnerabilities (Authentication Bypass)

No description provided by source. THIS IS A GENUINE ISOWAREZ RELEASE. Title: Microsoft IIS 6.0 with PHP installed Authentication Bypass...

7.1 AI score
Exploits: 0
myhack58
added 2012/06/05 12:0 a.m., 32 views

EZEIP3.0 multi-page upload validation vulnerability

Change the IE browser security settings to the highest level so that JS execution is disabled. 2. Open the modify-upload-type page, add the aspx type, click Save, and then open the upload page to upload. The upload-type page with the problem: http://www.XXX.com/...

0.3 AI score
Exploits: 0
Cvelist
added 2012/05/03 1:0 a.m., 21 views

CVE-2012-0729

Unrestricted file upload vulnerability in IBM Rational AppScan Enterprise 5.x and 8.x before 8.5.0.1 allows remote authenticated users to execute arbitrary ASP.NET code by uploading a .aspx file, and then accessing it via unspecified vectors...

7 AI score, 0.01067 EPSS
Exploits: 0, References: 5
myhack58
added 2012/03/30 12:0 a.m., 24 views

EZEIP3.0 multi-page upload validation vulnerability and fix

Change the IE browser security settings to the highest level so that JS execution is disabled. 2. Open the modify-upload-type page, add the aspx type, click Save, and then open the upload page to upload. The upload-type page with the problem:...

0.5 AI score
Exploits: 0
myhack58
added 2011/11/06 12:0 a.m., 17 views

JqueryUpload large file upload arbitrary file upload vulnerability

Guess the directory and access default.aspx directly (you may need to modify the uploadid parameter, which can be seen in a packet capture; it must not be undefined) 2. Test an upload and capture the request 3. Modify the upload directory, which can be arbitrarily specified 4. Guessing the file name: the server...

0.2 AI score
Exploits: 0
myhack58
added 2011/10/24 12:0 a.m., 11 views

New breakthrough fckeditor vulnerability

After testing, this method works against the asp and aspx versions, but not php. There were many earlier methods, such as uploading .asp and other types of files, or creating .asp etc. directories... Today I encountered an fck editor and, as many times before, the above methods were to no avail. Create .asp; the...

0.9 AI score
Exploits: 0
Cvelist
added 2011/08/15 9:0 p.m., 21 views

CVE-2011-3140

IBM Web Application Firewall, as used on the G400 IPS-G400-IB-1 and GX4004 IPS-GX4004-IB-2 appliances with update 31.030, does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass intended intrusion prevention by dividing a...

7 AI score, 0.02151 EPSS
Exploits: 1, References: 7
seebug.org
added 2011/05/05 12:0 a.m., 57 views

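Discuz! NT 3.1.0: getting a webshell via the admin backend

Brief description: Executable code is written through the admin backend, yielding a webshell directly and thereby control of the server. Detailed description: 1. Visit http://127.0.0.1/admin/global/globaltemplatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default and write an aspx trojan. 2. After writing the aspx trojan, just visit http://127.0.0.1/tools/rss.aspx. Proof of vulnerability:...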

7.1 AI score
Exploits: 0
seebug.org
added 2011/05/05 12:0 a.m., 39 views

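Discuz! NT 3.1.0: getting a webshell via the admin backend

Brief description: An aspx trojan is written through the admin backend, yielding a webshell directly and then control of the entire server. Detailed description: 1. Visit http://127.0.0.1/admin/global/globaltemplatesedit.aspx?path=../tools/&filename=rss.aspx&templateid=1&templatename=Default and write an aspx trojan. 2. After writing the aspx trojan, just visit http://127.0.0.1/tools/rss.aspx. Proof of vulnerability:...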

7.1 AI score
Exploits: 0
Packet Storm
added 2011/02/26 12:0 a.m., 26 views

AspX Remote XML Inclusion

Title : AspX liste.swf Remote XML inclusion Author : KedAns-Dz E-mail : [email protected] Home : HMD/AM 30008/04300 - Algeria -00213555248701 Twitter page : twitter.com/kedans Platform: asp GoOgle Dork : "inurl:cheminXML="...

Exploits: 0
myhack58
added 2011/02/25 12:0 a.m., 25 views

Analysis of the upload vulnerability using IIS semicolon parsing

First, look at the following very common file upload extension filter code: fileExt=lcase(ofile.FileExt) arrUpFileType=split(UpFileType,"|") for i=0 to ubound(arrUpFileType) if fileEXT=trim(arrUpFileType(i)) then EnableUpload=true exit for end if next if fileEXT="asp" or fileEXT="asa" or fileEXT="aspx" o...

1.6 AI score
Exploits: 0