Lucene search
K

6 matches found

myhack58
myhack58
added 2012/07/06 12:0 a.m.14 views

DiscuzX1. 5+ prop of the brush sub-vulnerability-vulnerability warning-the black bar safety net

If the user group set up"to purchase items a discount"option to buy when the price is discounted price, and sell when the price is not discounted price. That is the time to buy discount, sell when it is the original price. Buy: $magic'discountprice' = $G'group''magicsdiscount' ? intval$magic'pric...

1.6AI score
Exploits0
seebug.org
seebug.org
added 2012/05/20 12:0 a.m.22 views

DiscuzX1.5+ 道具刷分漏洞

简要描述: 如果用户组设置了"购买道具折扣"选项,买入时的价格是打折后的价格,卖出时的价格是未打折的价格。 也就是买的时候打折了,卖的时候是原价。 详细说明: 漏洞证明: 买入: $magic'discountprice' = $G'group''magicsdiscount' ? intval$magic'price' $G'group''magicsdiscount' / 10 : intval$magic'price'; $totalprice = $magic'discountprice' $magicnum; 卖出: $discountprice =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/05/04 12:0 a.m.21 views

DiscuzX1.5 门户管理权限SQL注入漏洞

source\include\portalcp\portalcparticle.php //90行 if$G''gpconver'' $converfiles = unserializestripcslashes$G''gpconver''; $setarr''pic'' = $converfiles''pic''; $setarr''thumb'' = $converfiles''thumb''; $setarr''remote'' = $converfiles''remote''; 可以看出变量 $converfiles 没有 addcslashes。 $aid =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2011/04/27 12:0 a.m.13 views

DiscuzX1.5 门户管理权限SQL注入漏洞

简要描述: DiscuzX1.5 门户管理权限SQL注入漏洞 详细说明: DiscuzX1.5 门户管理权限SQL注入漏洞 详细说明: source\include\portalcp\portalcparticle.php //90行 if$G'gpconver' $converfiles = unserializestripcslashes$G'gpconver'; $setarr'pic' = $converfiles'pic'; $setarr'thumb' = $converfiles'thumb'; $setarr'remote' = $converfiles'remote';...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2011/03/27 12:0 a.m.33 views

DiscuzX1.5 有权限SQL注入BUG

简要描述: DiscuzX1.5 有权限SQL注入BUG 详细说明: source\include\portalcp\portalcparticle.php //90行 if$G'gpconver' $converfiles = unserializestripcslashes$G'gpconver'; $setarr'pic' = $converfiles'pic'; $setarr'thumb' = $converfiles'thumb'; $setarr'remote' = $converfiles'remote'; 可以看出变量 $converfiles 没有...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2011/01/20 12:0 a.m.23 views

DISCUZX1.5 本地文件包含漏洞

简要描述: DISCUZX1.5 本地文件包含 详细说明: DISCUZX1.5 本地文件包含,当然是有条件的,就是使用文件作为缓存。 configglobal.php $config'cache''type' = 'file'; function cachedata$cachenames ...... $isfilecache = getglobal'config/cache/type' == 'file'; ...... if$isfilecache $lostcaches = array; foreach$cachenames as $cachename...

7.1AI score
Exploits0
Rows per page
Query Builder