113 matches found
EspCMS最新版可伪造任意帐户登陆(简单利用代码)
简要描述: EspCMS最新版可伪造任意帐户登陆(源码分析) 测试版本espcmsutf85.8.14.03.03b 详细说明: EspCMS中用户cookie生成算法中重要的就是dbpscode 貌似前面有大牛提交过多次,厂商都只是略作修改,并没有最终搞定问题 这里来说一下,可以通过注册普通帐号,通过帐号+cookie破解得到dbpscode 首先是cookie加密算法,/public/classfunction.php,144-170行 function eccode$string, $operation = 'DECODE', $key =...
Woven dream CMS vulnerability dedecms vulnerability 2013-02-10 SQL injection vulnerability-vulnerability warning-the black bar safety net
www.xxx.com/plus/search.php?keyword= In include/shopcar. class. php First take a look at this shopcar class is how to generate the cookie 2 3 9 function saveCookie$key,$value 2 4 0 2 4 1 ifisarray$value 2 4 2 2 4 3 $value = $this-enCrypt$this-enCode$value; 2 4 4 2 4 5 else 2 4 6 2 4 7 $value =...
[SECURITY] [DSA 2421-1] moodle security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...
Debian: Security Advisory (DSA-2421-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DSA-2421-1 : moodle - several vulnerabilities
Several security issues have been fixed in Moodle, a course management system for online learning : - CVE-2011-4308 / CVE-2012-0792 Rossiani Wijaya discovered an information leak in mod/forum/user.php. - CVE-2011-4584 MNet authentication didn't prevent a user using 'Login as' from jumping to a...
[SECURITY] [DSA 2421-1] moodle security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2421-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff February 29, 2012 http://www.debian.org/security/faq -...
Stack overflow
Stack-based buffer overflow in the suhosinencryptsinglecookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long...
CVE-2012-0807
Stack-based buffer overflow in the suhosinencryptsinglecookie function in the transparent cookie-encryption feature in the Suhosin extension before 0.9.33 for PHP, when suhosin.cookie.encrypt and suhosin.multiheader are enabled, might allow remote attackers to execute arbitrary code via a long...
SoftMP3 - SQL Injection
SoftMP3 - SQL Injection Exploit Title: SOFTMP3 source code SQL injection Date: 23/04/2011 Author: mArTi Software Link: http://softmp3.org/ Version: No others versions available... Tested on: Windows / Unix /.................................../ Introduction /.................................../...
Most soil buy the system blind and cookie spoofing vulnerability-vulnerability warning-the black bar safety net
Most soil group purchase system is a domestic famous group purchase program in the domestic group purchase system of share in the proportion is very large. But because some version of some where filtering does not completely lead to injection vulnerabilitiesnon-killed. Find a way powered by zuitu...
Design/Logic Flaw
The web management interface in Citrix NetScaler 8.0 build 47.8 uses weak encryption XOR of unpadded data to store credentials within a cookie, which makes it easier for remote attackers to obtain cleartext credentials when a cookie is captured via a known-plaintext attack...
Citrix NetScaler weak cryptography
Username/password are stored as a part of cookie with encryption XORing with reused key, making it's possible to discover parts of the password...
Timing attack vector for remember me token
The current rememberme token verification process leaves the application open to a timing attack. Since the default is for the token to be stored as a cookie and for cookies to be encrypted, an attacker would have to know the application secret to exploit this. However, should a custom guard be...