3 matches found
SQL Injection Vulnerability in Discuz!
Discuz! is a general-purpose community forum software system. A SQL injection vulnerability exists in Discuz! An attacker can exploit the vulnerability to obtain sensitive information from the database...
CVE-2018-5377
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter...
HTTP Host Header Attack Vulnerability in Multiple Versions of Discuz!
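Brief description: Why has nobody submitted this kind of vulnerability? Then let me go first! Details: http://drops.wooyun.org/papers/1383 First, a salute to James Kettle. Below, Discuz! X3.2 is used as an example for a demonstration. Proof of vulnerability: Taking http://bbs.locojoy.com/ as an example, 1. Its IP is easily found to be 115.29.162.113 2. Add the entry 115.29.162.113 www.evil.com to hosts 3. Visit http://www.evil.com, use password recovery, enter the target's email, and submit 4. The victim receives an email...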