Lucene search

4 matches found

seebug.org
added 2009/12/25 12:0 a.m., 14 views

Discuz! 5.x&6.x&7x user password reset vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
myhack58
added 2008/11/17 12:0 a.m., 38 views

DZ! SODB-2008-13 EXP published - vulnerability warning - the black bar safety net

#!/usr/bin/php <?php /* Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com Notes the value of the variable, add your own modifications */ $host = 'www.80vul.com'; // Server domain or IP $path = '/discuz/'; // Where the program path $key = 0; // The above variable is edited, make will the value...

7.1 AI score
Exploits: 0
myhack58
added 2008/11/15 12:0 a.m., 21 views

Discuz! 6.x/7.x SODB-2008-13 Exp - vulnerability warning - the black bar safety net

#!/usr/bin/php <?php /* Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com Notes the value of the variable, add your own modifications */ $host = 'www.80vul.com'; // Server domain or IP $path = '/discuz/'; // Where the program path $key = 0; // The above variable is edited, make will the value...

7.2 AI score
Exploits: 0
seebug.org
added 2008/10/28 12:0 a.m., 22 views

Discuz 6.X [flash] xss bug

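In fact, this vulnerability was already disclosed in 2007 [1], but according to testing by 80vul-A it has never been patched. The main points of the analysis are as follows. First: Discuz! sets allowScriptAccess to sameDomain: param name="allowScriptAccess" value="sameDomain", so we only need to upload a swf file to the target and Flash can then be used to call the swf we constructed. Second: because HTML does not restrict the file extension when loading Flash, an attacker can upload the file through the forum's upload feature with an image file extension such as gif; the upload feature only uses getimagesize for validation, and a swf passes that function just as well. Discuz 6.X...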

7.1 AI score
Exploits: 0