16 matches found
Discuz! <=2.5 CSRF defense bypass
Brief description: In Discuz! '.gif', 2 = '.jpg', 3 = '.png'; only the file extension is checked, unlike 3.0 and above, which use a library to check the actual image format. Proof of vulnerability: Steps 1. Create an swf that fetches the page source, extracts the formhash, and then uses the formhash to send the request that adds a deputy administrator; save it with a .jpg extension. 2. Register an account, go to /home.php?mod=spacecp&ac=avatar, upload the .jpg-suffixed swf file generated in the previous step and capture the request. The uploaded address should look like http://192.168.1.104/ucserver/data/tmp/uploaduid.jpg...
Discuz! X2.5 521 Jiaoyou (dating) plugin 7.3 jiaoyou.php SQL injection vulnerability
Discuz! is a very popular forum program in China. Version 7.3 of its third-party 521 Jiaoyou (dating) plugin has a SQL injection vulnerability that an attacker can exploit to execute malicious SQL statements. discuz!x2.5 521 Jiaoyou plugin...
Some Discuz! forums: users can farm points at will - vulnerability warning - the black bar safety net
Some Discuz! forums pay no attention to the promotion-visit feature, so users can farm forum user points and levels at will. First click on promotion visit. You can see this interface: “If a friend of yours visits the site through one of the following links, you will receive a reward...
Some Discuz! forums: users can farm points at will!
Brief description: On some Discuz! forums users can farm points at will. Detailed description: Some Discuz! forums pay no attention to the promotion-visit feature, so users are able to farm forum user points and levels at will. First click on promotion visit; you will see this interface: “If a friend of yours visits the site through any of the links below, you will receive a points reward: money +1”. We can copy a promotion link and leave it running in a traffic bot (流量精灵); before long our points go up, and the forum level rises too! Proof of vulnerability:...
Discuz! 6.0 forum uid parameter remote cross-site scripting vulnerability
BUGTRAQ ID: 38484. Discuz! is a web forum program very popular in Chinese-speaking regions. The Discuz! forum does not properly filter the uid parameter submitted to the eccredit.php page; a remote attacker can submit a request with malicious parameters to the forum to carry out a cross-site scripting attack, injecting and executing arbitrary HTML and script code in the user's browser session. Comsenz Discuz! 6.0 Vendor patch: Comsenz ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.comsenz.com/index.php...
Discuz! T get webshell method, test possible - vulnerability warning - the black bar safety net
I inadvertently broke into a portal site in Xingtai but couldn't get a webshell; feeling depressed, I found that it had a Discuz! forum, and immediately tried the password obtained through social engineering. Oh, and it actually got me into the backend! But after all it is the 6.0+ version, and the administrator of th...
Discuz! < 5.50 forum preg_match() function uninitialized $onlineipmatches variable vulnerability
Discuz! is a web forum program very popular in Chinese-speaking regions. In the include/common.inc.php file of the Discuz! forum: $magic_quotes_gpc = get_magic_quotes_gpc(); @extract(daddslashes($_COOKIE)); @extract(daddslashes($_POST)); @extract(daddslashes($_GET)); // overwrites variables; here we can overwrite $_SERVER if(!$magic_quotes_gpc) { $_FILES = daddslashes($_FILES); } ..... if(getenv('HTTP_CLIENT_IP') &&...
4 5 You can obtain the webshell program - vulnerability warning - the black bar safety net
1: Go to Google, search some keywords, edit.asp? There are more Korean "broiler chickens" (肉鸡, compromised hosts), the majority with MSSQL databases! 2. Go to Google: site:cq.cn inurl:asp 3. Use a "chicken-mining" tool and an ASP Trojan. The file name is login.asp ...... The path set is /manage/. The keyword is went.asp 'or'='or' to login...
Discuz! 6.x/7.x SODB-2008-13 Exp: fully automatic SHELL acquisition with log - vulnerability warning - the black bar safety net
================Discuz.php========================= #!/usr/bin/php <?php /* Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com Note the variable values; add your own modifications */ if ($argc < 3) print_r(' -------------------------------------------------------------------------------- Usage...
Discuz: obtain any administrator's password vulnerability - vulnerability warning - the black bar safety net
Author of the article: The Frozen Prodigal Son. Information source: Evil Octal Information Security Team (www.eviloctal.com). Vulnerability description: The Discuz forum system is a forum package running on PHP + MySQL; a security vulnerability has been found in it, and successful exploitation of this...
Discuz! forum WAP function module encoding injection vulnerability - vulnerability warning - the black bar safety net
Author: The Frozen Prodigal Son. Since the vulnerability information posted on the blog was rather brief, here it is fleshed out a little. The vendor has released a patch. Because PHP's support for multibyte character sets has problems, the various encoding-conversion processes can trigger a program overflow and...
Discuz! forum WAP function module encoding injection vulnerability
The Discuz! forum system is an efficient forum solution built on PHP and MySQL (among other databases). Discuz! has a good reputation among its large user base for code quality, runtime efficiency, load capacity, security level, feature controllability and strict permission handling. Because PHP's support for multibyte character sets has problems, the various encoding conversions can trigger program overflows and errors. Submit a ' ; it is escaped to \' and then converted to GBK, whereupon the \ and the ' are split into two separate characters (the \ is absorbed into a multibyte character), and the ' is successfully introduced. Discuz!4.0.0 Discuz!4.1.0 Discuz!5.0.0 Discuz!5.5.0 Discuz!6.0.0 Discuz!6.1.0...
Principle of the Discuz forum physical path disclosure - vulnerability warning - the black bar safety net
Affected versions: Discuz! 5.2 Discuz! 5.1 Discuz! 4.1 Discuz! 4.0 ............. 1. common.inc.php problem code, line 207 ..... $navtitle = $navigation = ''; $extra = isset($extra) && preg_match("/^[\w=&]+$/i", $extra) ? $extra : ''; $tpp = intval(empty($_DSESSION['tpp']) ? $topicperpage : $_DSESSION['tpp']); $ppp =...
Discuz forum physical path disclosure
When the variable is submitted as an array, if that array does not exist but the variable does, the subsequent preg_match regular expression cannot match it, and this leaks the absolute path. Discuz!5.2 Discuz!5.1 Discuz!4.1 Discuz!4.0 http://www.discuz.net/ Open common.inc.php in the forum's include directory and change $extra = isset($extra) && preg_match to $extra = isset($extra) && @preg_match. 1. common.inc.php problem code, line 207 ..... $navtitle = $navigation = '';...
Discuz!, the famous open source PHP forum: cross-site scripting collection - vulnerability warning - the black bar safety net
In Discuz! the subject of posts, replies, PMs, etc. is not filtered, so code can be inserted. For example http://xxx/post.php?action=newthread&fid=2...cript%3E%3Cb%22 The effect is first to pop up your cookie. Usage: put the above code into an img. Applicable version:...
Intrusions into Discuz forums - vulnerability warning - the black bar safety net
Recently, with nothing else going on, the rookies have set off a frenzied “movement” of intrusions into Discuz forums. For a while the whole security community was in an uproar. However, the site webmasters were fairly quick on their feet: low-version Discuz forums did not remain for long before being put on a...