Supesite 前台注入 #3 (Delete)

简要描述： Delete 如果ucenter和supesite在一个裤的话 可以尝试把uckey注入出来 然后…… 详细说明： 在cp.php中 $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; 包含进来 在source/cpnews.php中 ifempty$itemid //这里让$itemid 不为空...

Supesite 前台二次注入一枚

简要描述： 二次猪肉。 详细说明： 在cp.php中 $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; 包含文件进来 在source/cpnews.php中 $newsarr = array'subject' = $POST'subject', 'catid' = $POST'catid', 'type' =...

AIOCP 1.3.x - 'cp_news.php' SQL Injection

source: https://www.securityfocus.com/bid/20931/info All In One Control Panel AIOCP is prone to multiple input-validation vulnerabilities because it fails to sufficiently sanitize user-supplied input data. Exploiting these issues could allow an attacker to steal cookie-based authentication...