16 matches found
Discuz! X Cross-Site Scripting Vulnerability
Discuz! X is a forum platform. A cross-site scripting vulnerability exists in version 3.4-20200818 and prior versions of Discuz! X. The vulnerability stems from the fact that incorrect manipulation of the uchidden parameter can lead to cross-site scripting...
Discuz! Cross-Site Scripting Vulnerability
Cansheng Xinchuang Technology Discuz! is a community forum system based on PHP and MySQL by Cansheng Xinchuang Technology Company in China. A security vulnerability exists in Discuz! X version 3.4, which stems from the presence of a cross-site scripting (XSS) vulnerability that can be exploited by ...
Discuz!ML 3.x Arbitrary Code Execution Vulnerability
Discuz!ML is a multilingual open source community system based on the Discuz!X engine. An arbitrary code execution vulnerability exists in Discuz!ML 3.x, which can be exploited by attackers to execute arbitrary code...
X-Series Remote Code Execution Vulnerability
Discuz! is a popular web forum program. A remote code execution vulnerability exists in the updatebadwords method in the Discuz! X series api/uc.php file. An attacker can exploit the vulnerability to perform arbitrary code execution...
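Discuz! X: unauthorized-access vulnerability in a certain feature
Brief description: As in the title. Details: In the album feature, the "edit picture caption" function can be used to modify captions without authorization. In source/include/spacecp/spacecpalbum.php: code foreach $POST'title' as $picid = $value //iterate over the data here if$value == $GET'oldtitle'$picid continue; $title = getstr$value, 150; $title = censor$title; ifcensormod$title || $G'group''allowuploadmod' $picstatus = 1;...
Discuz!X: a do-anything CSRF + HPP (site database dump, arbitrary file operations, directory traversal; other CMSes may be hit as collateral)
Brief description: Discuz!X: a do-anything CSRF (site database dump, arbitrary file operations, directory traversal; other CMSes may be hit as collateral). Requesting a lightning rating!!!!!!!!!!!!!! Details: This vulnerability comes from the DZ company's UCenter. It appears that UCenter has no CSRF protection on its database backup operation, which can lead to file operations against DZ, database dumping and so on. Starting the analysis: Next we analyze the code: ucserver\control\admin\db.php, lines 85-ll6: function onoperate requireonce UCROOT.'lib/xml.class.php'; $nexturl = getgpc'nexturl'; $appid ...
Discuz!X: XSS pivot to an unprotected back-end SQL injection, getshell (exploit included)
Brief description: Discuz!X: XSS pivot to an unprotected back-end SQL injection, getshell. The XSS here only serves as a primer, because it comes from the blog feature, and that feature is disabled by default; we enabled it for testing. This vulnerability should affect every DZ version; I downloaded the latest version, so the test passed...... Details: First we enable the blog feature, then store an XSS and take a look: Test an XSS page: We go to the article page to see whether it was executed: Next, let's see how to send this to the administrator; there is a report page at the bottom: As the administrator, we look at this report request in the back end: We have finished analyzing this process; next, let's look at an unprotected SQL injection in the back end:...
Discuz! X series: stored XSS vulnerability caused by a plugin (directly exploitable, no filtering)
Brief description: Discuz! X series: stored XSS vulnerability caused by a plugin (directly exploitable, no filtering). Details: http://addon.discuz.com/[email protected] This is the plugin. Let's just Google it. Proof of vulnerability:...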
Discuz! X: an XSS - vulnerability warning - the black bar safety net
Self XSS + Click Jacking == stored XSS http://hi.baidu.com/hacklele/admin.php?frames=yes&action=moderate&operation=threads, the page has a hidden form field "title" that can be submitted via GET; it triggers after the administrator clicks "Submit". Because it is a Self XSS, it is hard to use, and Discuz the background i...
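Discuz! X Stored XSS (X1 ~ X3.1, latest version)
Brief description: A stored XSS in Discuz! X, present in X1 ~ X3.1 (latest version). Details: When a post is published, Discuz parses the ed2k links in it. Although the name and other parts of the link are processed, the supplied file size is not processed (cast to int), which results in XSS. An ed2k address looks like:...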
Discuz! X series conversion tool arbitrary code write vulnerability - vulnerability warning - the black bar safety net
Discuz! x-Series conversion tools exist to any code written to exploit, tick on the pig man and also a great brush rank also brush almost, today know that there are children's shoes has been announced! so, the release of prior learning python to write of the exploits exp, just to practice hand...
Discuz! X latest Getshell vulnerabilities EXp(comes with the plug-in)-bug warning-the black bar safety net
dz0day published In fact, we're knife inside has been playing the scrap -. - By worship under the maniac a large cattle... === Looking at before we begin to be like the clouds submitted to the author of the tribute, because it is He that title only makes us sharp knives team to research out, of...
discuz x latest background Getshell detailed use method-vulnerability warning-the black bar safety net
User – the user column – the column packet – submit – capture. I am in this error, be sure to submit, or catch the data packet is not the same. The Content-Disposition: form-data; name="settingnewprofilegroupnewbaseavailable" Read: Content-Disposition: form-data;...
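Discuz!: a feature flaw allows direct login that ignores the security question under certain conditions
Brief description: Details: The Discuz!X cloud platform has a QQ Connect feature that lets a QQ account be bound to a forum account and used to log in to the forum. However, when the forum account has a security question set, logging in with the linked QQ account still does not require the security question, which creates a security problem. Proof of vulnerability: 0x01. During a security test I obtained the database of a small "Lord" (领主) site and restored it into my phpMyAdmin. After searching, I found the password hash of a 5d6d moderator in it. (A hint here: the precommonmember table does not store the real password MD5; the real hash is in the preucentermembers table, and the algorithm is md5md5$pass.$hash 0x02. Took the hash to cmd5 to decrypt it...
Discuz x 1.5 Little Squirrel (Discuz! X1.5 XSS)
Brief description: Developer oversight. Details: When posting, enter imgjavascript:alert/sogili//img Proof of vulnerability: Go and see for yourself...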
discuz X demo experience package XSS cross-site vulnerabilities-vulnerability warning-the black bar safety net
Vulnerability file: source\function\directory most of the files filter is not strict Vulnerability testing:scriptalert/qing DISCUZ x test vulnerability/ Non-secure test the demo: http://fabu.coffly.com/home.php?mod=space&uid=1&do=profile...