SQL injection vulnerability in DOUPHP ba***.php file

DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. A SQL injection vulnerability exists in the DOUPHP ba.php file. An attacker can exploit this vulnerability to obtain...

Information leakage vulnerability in DouPHP database

DouPHP is a lightweight enterprise website management system based on PHP+Mysql architecture, running on various platforms such as Linux, Windows, MacOSX, Solaris and so on. An information leakage vulnerability exists in DouPHP database. The vulnerability is due to its database backup function do...

Code Execution Vulnerability in DouPHP

DouPHP is a lightweight enterprise website management system, based on PHP+Mysql architecture, can run on Linux, Windows, MacOSX, Solaris and other platforms. DouPHP has a code execution vulnerability that can be exploited by attackers to gain control of the server...

DouPHP-多处物理路径泄露

...

Code Execution Vulnerability in DouPHP V1.3

Douphp is a lightweight enterprise website management system based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. A code execution vulnerability exists in DouPHP V1.3. Allow attackers to exploit the vulnerability to write webshell, execute arbitrary cod...

Cross-site request forgery vulnerability in douPHP backend

Douphp is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. douPHP backend there is a cross-site request forgery vulnerability , due to the backend backup function is not done at the token validatio...

Multiple SQL Injection Vulnerabilities in Douphp Backend

Douphp is a lightweight enterprise website management system, based on PHP+Mysql architecture, running on Linux, Windows, MacOSX, Solaris and other platforms. Douphp background there are a number of SQL injection vulnerabilities, 1 due to the background is not sufficient to filter the parameters...

DouPHP admin/article.php image parameter SQL injection

No description provided by source...

DouPHP backend csrf modification article categories exist cross-site scripting vulnerabilities

DouPHP is an open source free lightweight enterprise website management system, based on PHP + Mysql architecture. DouPHP background csrf modify article classification cross-site scripting vulnerability , due to the program does not filter the user input , allowing attackers to exploit the...

douphp /cache 目录物理路径泄漏

漏洞分析 漏洞文件 cache目录下的所有文件 如：admin/backup.htm.php php tplvars'lang''home'; ?//会引起报错 2. 漏洞利用 直接访问 http://www.douco.com/cache/admin/backup.htm.php 然后查看网页源码，泄漏物理路径 3. 漏洞修复 关闭错误信息显示...

DouPHP 1.2 /admin/login.php 验证码绕过漏洞

No description provided by source...

DouPHP v1.1 /kindeditor/php/file_manager_json.php 备份文件发现漏洞

No description provided by source...

DouPHP CSRF配合存储型XSS可盲打后台

简要描述： DouPHP 挺好的，不过还是有一些问题。 详细说明： None 这个点前台也是可以显示的。...

DouPHP SQL注入两处- -

简要描述： DouPHP 功能简单，因此防御起来比较容易，使用全局过滤很好的避免了问题，不过还是存在不严谨的地方。 挖洞不易啊- - 详细说明： 在文件\www\admin\article.php中： / +---------------------------------------------------------- 文章列表 +---------------------------------------------------------- / if $rec == 'default' $smarty-assign'urhere', $LANG'article';...

DouPHP 1.1 /guestbook.php SQL注入漏洞

No description provided by source...

DouPHP 1.1 /guestbook.php SQL注入漏洞

No description provided by source...

DouPHP存储型XSS一枚可打后台管理

简要描述： xss 详细说明： 漏洞文件：admin/login.php:68行 $query = $dou-select$dou-tableadmin, '', "username = '$POSTusername'"; $user = $dou-fetcharray$query; if !isarray$user $dou-createadminlog$LANG'loginaction' . ": " . $POST'username' . " " . $LANG'loginusernamewrong' . " "; $dou-doumsg$LANG'logininputwrong'...

DouPHP轻量级企业建站系统后台任意文件删除缺陷

简要描述： 某处未验证删除的文件路径，导致可以删除任意文件。 官网演示站测试通过 详细说明： 漏洞文件: /admin/backup.php 第161行 / +---------------------------------------------------------- 备份删除 +---------------------------------------------------------- / if $REQUEST'rec' == 'del' $sqlfilename = $GET'sqlfilename'; if $POST'confirm' if...

DouPHP轻量级企业建站系统CSRF添加管理员

简要描述： 版本:官网最新版本 详细说明： http://douco.com/ 官网的demo测试。http://demo.douco.com/ 没有验证token，也没有验证referer,所以造成了csrf 漏洞文件 admin/manage.php 第84行-121行 None...

DouPHP轻量级企业建站系统任意文件下载源码漏洞

简要描述： 任意文件下载，漏洞文件:admin/backup.php 可以下载整站文件源码，官网测试站通过。 详细说明： 漏洞文件 admin/backup.php 第187行开始。 / +---------------------------------------------------------- 备份下载 +---------------------------------------------------------- / if $REQUEST'rec' == 'down' $sqlfilename =...