Optergy Proton And Enterprise BMS 2.0.3a Command Injection Exploit

This Metasploit module exploits an undocumented backdoor vulnerability in the Optergy Proton and Enterprise Building Management System BMS applications. Versions 2.0.3a and below are vulnerable. Attackers can exploit this issue by directly navigating to an undocumented backdoor script called...

Live800在线客服系统默认密码导致的SQL查询/SQL注射漏洞

简要描述： Live800在线客服系统默认密码导致的SQL查询/SQL注射漏洞 详细说明： 在console/console.jsp文件中硬编码了验证权限的账户密码，通过登录console能够创建公司、修改客服密码，执行select查询以及SQL注射等高风险漏洞： if request.getParameter"iamkevin" == null if session.getAttribute"login" == null //response.sendRedirect"../noContent.jsp"; //return; else if...