151 matches found
Guojiz Change Password Interface Has Arbitrary User Privilege Vulnerability
Guojiz is a light community system based on the layui front-end framework and ThinkPHP. The Guojiz password change interface has an arbitrary user privilege vulnerability: an attacker can use it to modify any user's data table information, so as to elevate their own or other people's privileges...
SQL injection
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a mcenter data related table...
CVE-2018-11801
SQL injection vulnerability in Apache Fineract before 1.3.0 allows attackers to execute arbitrary SQL commands via a query on a mcenter data related table...
Cross-Site Scripting
Overview: All versions of md-data-table are vulnerable to cross-site scripting (XSS). This vulnerability is exploitable if an attacker has control over data that is rendered by mdt-row. Recommendation: As there is no fix for this vulnerability at this time, we recommend either selecting another package...
Veris: Stored XSS on 'Badges' page
Issue related to Stored XSS on Badges data table...
Piwik Local File Inclusion Vulnerability
Piwik (formerly known as phpMyVisites) is an open source website access statistics system based on PHP5 and MySQL. A local file inclusion vulnerability exists in the core/ViewDataTable/Factory.php script in Piwik versions prior to 2.15.0. A remote attacker can exploit this vulnerability to include...
shopex latest version: an unexpected SQL injection in the front end - vulnerability warning - the black bar safety net
The core parts of the shopex code are encrypted, so finding vulnerabilities just takes a little imagination, such as this SQL injection... It exists in user registration, an unexpected location, right? /core/shop/controller/ctl.passport.php line 267 if !$info = $account-create$POST,$message ... 2...
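An unexpected SQL injection in the front end of the latest version of shopex
Brief description: The core parts of the shopex code are encrypted, so finding vulnerabilities takes a bit of imagination, such as this SQL injection... Details: It exists in user registration, an unexpected location, right? 1. /core/shop/controller/ctl.passport.php line 267 if !$info = $account-create$POST,$message ... 2. Seeing 1, I wondered whether $account-create might build the SQL statement with a foreach over $POST. 3. Looking at the data table structure: I went ahead and added memberid to $POST when submitting, as a test (I actually also tried mobile and others while testing; I am only mentioning the useful field), and then got the picture below: Proof of vulnerability:...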
phpweb finished website, all versions: injection vulnerability and fix - vulnerability warning - the black bar safety net
Keywords: inurl:webmall/detail.php?id Data table: pwnbaseadmin About getting a shell: first log in to the backend at admin.php. Analyzed the upload.php source code for an afternoon, and then roughly understood that although the upload only allows four types of files (gif, jpg, png, bmp), but not the file...
Empire CMS (EmpireCMS) 6.6: getting a shell from the backend - vulnerability warning - the black bar safety net
For the previous version, 6.5 (http://www.badguest.cn/Article/201011/78510.html), the method someone posted was: backend --- system setup --- manage data tables --- manage system models --- import new module, then directly upload the modified php shell renamed to shell.php.mod; the new version us...
Empire CMS: getting a shell from the backend, vulnerability and fix - vulnerability warning - the black bar safety net
The first method: add a custom page (tested successfully on 6.0). Template management - add custom page - page name: anything -- file name: xx.asp;.html -- page content: copy the contents of the small web shell into it. After saving, click it on the admin page and you can view your web shell, generally in the root...