6 matches found
Discuz 6.0 /my.php SQL注入漏洞
No description provided by source...
Discuz! 6.0 '2fly_gift.php' SQL Injection Vulnerability
No description provided by source...
Discuz! 6.0 存储型XSS
简要描述: Discuz! 6.0 存储型XSS 详细说明: Discuz! 6.0 【店铺介绍】存在XSS漏洞 不知道如何访问店铺(没找到这功能!?),所以不知道这个XSS是只跨自己还是跨任何访问店铺的人。 因为这个地方的xss(alert(/Liscker/;)跟去年发的那个【个性签名】 的xss一样,所以个人极度认为这个也是只能跨自己的,只能结合其它漏洞一起来用了。 漏洞证明:...
Discuz 6.0 viewthread.php 跨站漏洞
demo: http://bbs.51testing.com/viewthread.php?tid=%22%3E%3E%3Cscript%3Ealert%28insafe--SecEyE%29%3C/script%3E%3Cmarquee%3E%3Ch1%3EINSAFE%20By%20SECEYE%3C/h1%3E%3C/marquee%3E 不解释,COPY的朋友请留个北洋贱队的url就可以了 Discuz 6.0 升级到最新版本...
Discuz 6.0 SQL Injection
Securitylab.ir Application Info: Name: Discuz Version: 6.0 Website: http://www.discuz.net Discoverd By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Vulnerability Risk: Medium Dork: © 2008 - 2009...
Discuz! "$_SERVER['PHP_SELF']" XSS Vulnerability
在common.inc.php文件的69行: $PHPSELF = $SERVER'PHPSELF' ? $SERVER'PHPSELF' : $SERVER'SCRIPTNAME'; $SCRIPTFILENAME = strreplace'\\', '/', isset$SERVER'PATHTRANSLATED' ? $SERVER'PATHTRANSLATED' : $SERVER'SCRIPTFILENAME'; $boardurl = 'http://'.$SERVER'HTTPHOST'.pregreplace"//+api|archiver|wap?/$/i",...