Monki Chinese Class: For Kids - Customized SSL, WebView code execution vulnerabilities

HackApp vulnerability scanner discovered that application Monki Chinese Class: For Kids published at the 'play' market has multiple vulnerabilities...

Discuz! Forum the wap function module coding injection vulnerability-vulnerability warning-the black bar safety net

Information source: evil octal information security team www.eviloctal.com） Author: ainideX Affected version: Discuz! 4.0.0 Discuz! 4.1.0 Discuz! 5.0.0 Discuz! 5.5.0 Discuz! 6.0.0 Discuz! 6.1.0 Description: Discuz! The forum system is a PHP and MySQL such as a variety of other databases to build...

Discuz! $_DCACHE数组变量覆盖漏洞

由于Discuz! 的wap\index.php调用Chinese类里Convert方法在处理post数据时不当忽视对数组的处理,可使数组被覆盖为NULL.当覆盖$DCACHE时导致导致xss sql注射 代码执行等众多严重的安全问题.br / br / 一 分析br / /wap/index.phpbr / //43行br /pre$chs = ''; if$POST && $charset != 'utf-8' $chs = new Chinese'UTF-8', $charset; foreach$POST as $key = $value $$key =...

Discuz! Forum the wap function module coding injection vulnerability-vulnerability warning-the black bar safety net

Author: The Frozen prodigal son Due to the hair in a blog on the vulnerability information to a bit beef up. Official has out patch. Since PHP for multibyte character sets support the existence of problem in various coding conversion process, it is possible to initiate a program overflow and...

Discuz!论坛wap功能模块编码的注射漏洞

Discuz!论坛系统是一个采用 PHP 和 MySQL 等其他多种数据库构建的高效论坛解决方案。Discuz! 在代码质量，运行效率，负载能力，安全等级，功能可操控性和权限严密性等方面都在广大用户中有良好的口碑 由于 PHP 对 多字节字符集的支持存在问题，在各种编码相互转换过程中，有可能引发程序溢出和程序错误 提交一个 ' 转意成 ' 然后转成gbk的，\和'就变成两个字符了 '就可以成功的引入 Discuz!4.0.0 Discuz!4.1.0 Discuz!5.0.0 Discuz!5.5.0 Discuz!6.0.0 Discuz!6.1.0...