10 matches found
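cmseasy official forum: un-updated Discuz can be injected
Brief description: The cmseasy official forum (http://www.cmseasy.org) runs Discuz! 7.2, which has not been updated and can be injected. Details: The cmseasy official forum is Discuz! 7.2 and has an unpatched vulnerability. Reference link: WooYun: Discuz7 has an SQL injection vulnerability (can be triggered without logging in)...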
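Discuz! 7.2: stored XSS vulnerability in a built-in feature
Brief description: Discuz! 7.2 has a stored XSS vulnerability in a built-in feature. Details: Again in the check-in feature, plugin.php?id=dpssign:sign. When posting a check-in, XSS can be written into it, but the preceding code has to be disrupted for the XSS to form. https://images.seebug.org/upload/201409/1100522754a8ee564ad50b51a9dcd8669c53e051.jpg https://images.seebug.org/upload/201409/1100524583a5fba1a426878f1f3598aaf1fa7dfc.jpg Proof of vulnerability:...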
discuz 7.2 & discuz x<=2 admin back-end injection
Brief description: Second one. Details: Taking dz7.2 as an example, the vulnerability is at line 57 of task.php, $query = $db->query("SELECT t.*, mt.csc, mt.dateline FROM {$tablepre}tasks t LEFT JOIN {$tablepre}mytasks mt ON mt.taskid=t.taskid AND mt.uid='$discuz_uid' WHERE $sql AND t.available='2' $newbieadd ORDER BY displayorder, taskid DESC LIMIT $start_limit, $tpp");...
Discuz 7.2 /post.php cross-site scripting vulnerability
No description provided by source...
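discuz x1.5 discuz 7.2 admin back-end getshell 0day, universal version
Brief description: Insufficiently strict XML filtering causes the vulnerability. Details: The method is: Admin back end: Plugins -- Add plugin -- Please choose the import method: upload the XML file attached to this post, and at the same time tick "Allow importing plugins from a different Discuz! version (prone to errors!!)", then confirm. If you don't understand, you can watch the demo animation. The shell address is: data/plugindata/shell.lang.php discuz x1.5 The shell address is: data/plugin/data/shell.lang.php discuz 7.2 Proof of vulnerability:...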
discuz 7.2 code execution vulnerability: two methods of use-vulnerability warning-the black bar safety net
Use the exp only for testing on your own machine; any other use is at your own risk! The first method: First register a user and then submit <form method="post" action="http://www.xxx.com/bbs/misc.php" enctype="multipart/form-data"> Post ID, specifying an existing post: <input type="text" name="tid"...
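Discuz 7.2 stored XSS
Brief description: Discuz 7.2 stored XSS; a worm can be written to spread it. Details: In discuz 7.2, when publishing a blog post in the personal space, by default administrators can edit the source code, but an administrator can set permissions in the back end to allow ordinary users to edit it. An XSS weakness exists here, and a worm can be written to spread through it. Each user's form hash value can be obtained from the HTML; the salt does not need to be considered, and obtaining the cookie is enough. Proof of vulnerability: When discuz 7.2 submits a form, each user's form hash value is different but fixed, and this value can be obtained from the HTML of the visiting user. As shown in the figure: Then put the hash into the crafted request and write the worm. var...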
Discuz! 7.2 and below and various UC products: API interface Get webshell vulnerability-vulnerability warning-the black bar safety net
For dz, what we are more concerned about is getting the shell, but getting the shell on dz is too hard, too difficult; the end of the previous article laid the groundwork, so this article is not hindsight either....this vulnerability has been quietly given up in the discuz! x1 version...
Discuz! 7.1 & 7.2 back office remote code execution vulnerabilities and fixes-vulnerability warning-the black bar safety net
Look at this together with the front-end code execution from the beginning; this one is clearly code execution. Probably a lot of people have seen it, and it held up well for so long with no one posting it; in this half year it has also been used a lot of times, but...but eventually someone couldn't resist publishing it, you know, published ...
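Discuz! 7.2 plugin /manyou/sources/notice.php SQL injection vulnerability
The latest discuz! 7.2 ships with a new application plugin, manyou. It is precisely in this new plugin that the passed-in parameters are not checked, which leads to an injection vulnerability when GPC is off. /manyou/sources/notice.php if($option == 'del') { $appid = intval($_GET['appid']); $db->query("DELETE FROM {$tablepre}myinvite WHERE appid='$appid' AND touid='$discuz_uid'"); showmessage('manyou:done',...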