Discuz! X2 X3多个版本无须登陆无须条件SSRF漏洞

No description provided by source...

Discuz! X2 V63积分商城插件 SQL注入漏洞

No description provided by source...

Discuz! X2 回复仅作者可见控制不严

简要描述： Discuz! X2 发布回复仅作者可见的主题帖，普通会员可以绕过该机制获得被隐藏的部分内容 详细说明： 帖子为打开状态时，可以通过楼层获得fid、tid、repposet 这3个参数，手动URL提交，可获取引用回复，引用回复中含有被屏蔽（仅作者可见的）部分内容。 漏洞证明： 拼接的url...

Discuz X2 后台getshell(当mysql为root时）

简要描述： 危险语句过滤，可以绕过 详细说明： 最近帮朋友看了一个站，DZx2的，拿到了创始人都没办法getshell 百度无果，自己本地架设了一下 1，当mysql是root时 站长---数据库---升级 尝试 select '1' into outfile 'E:\2.txt' 会提示 Type 查询语句安全威胁 Query select '1' into outfile 'E:\2.txt' 为什么会这样呢？ \config\configglobal.php中 限制了into outfile函数 尝试绕过 /!select/ '1' /!into outfile/ 'E:\3.tx...

Discuz! X2 /source/function/function_exif.php跨站漏洞

No description provided by source...

Discuz x2 source/function/function_connect.php leakage of the server's physical path-vulnerability warning-the black bar safety net

Affected version: Discuz x2 vulnerability description: source/function/functionconnect.php The file header is not added: if! defined‘INDISCUZ’ exit‘Access Denied’; And at the head of the pack The letter the other file: requireonce libfile‘function/cloud’; reference...

Discuz! x2 201110版 报物理路径

简要描述： 详细说明： attachEventwindow, 'load', function appendscript''.$jsurl.'', '', 1, 'utf-8' , document;'; function connectoutputphp$url, $postData = '' global $G; $response = dfsockopen$url, 0, $postData, '', false, $G'setting''cloudapiip'; $result = array unserialize$response; return $result;...

Discuz! X2 forum_attachment.php sql注入漏洞

No description provided by source...

Discuz X2 SQL injection/Xpath latest vulnerability-vulnerability warning-the black bar safety net

| Vulnerability type: SQL injection/Xpath Request method: POST Affected page: http://127.0.0.1/member.php?mod=logging&action=login&loginsubmit=yes&infloat=yes&lssubmit=yes Parameters:username Parameters of the test: and 1=1 Attack details: username=1+and+1=1&cookietime=2 5 9 2 0 0...

Discuz X2 Safety study: SQL and XSS injection vulnerability 0day analysis-vulnerability warning-the black bar safety net

Recently, DiscuzX2 is out with two 0day, aSQL injectionvulnerability, an attacker can use this vulnerability to obtain the username and password, another is toXSSinjection vulnerabilities, the attacker can achieve the website hanging horse, Web sites, phishing and other acts, the current official...

Discuz! X2远程SQL注入漏洞

Discuz! X2在处理请求数据时存在SQL注入漏洞，远程攻击者可利用此漏洞非授权操作数据库。 漏洞存在于如下代码中： if!defined'INDISCUZ' exit'Access Denied'; define'NOROBOT', TRUE; @list$G'gpaid', $G'gpk', $G'gpt', $G'gpuid', $G'gptableid' = explode'|', base64decode$G'gpaid'; if!empty$G'gpfindpost' && $attach = DB::fetchfirst"SELECT pid, tid FROM...

Discuz! X2 Beta 存储型XSS

简要描述： Discuz! X2 Beta 存储型XSS 详细说明： Discuz! X2 Beta 【家园】相册描述 存储型XSS漏洞。 漏洞证明：...