4 matches found
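Destoon B2B 2014-05-21 latest version CSRF getshell
Brief description: upload issue + CSRF + arbitrary command execution in the admin backend = CSRF getshell. Detailed description: First, the upload issue: the bundled FCK editor does not validate that an uploaded image is legitimate; it only checks the file extension. A SWF with a .jpg extension can be uploaded to carry out CSRF. Then the backend command execution: /member/admin/sendmail.inc.php line 151 default: ifisset$send ifisset$preview && $preview $content = stripslashes$content; if$template if$sendtype == 2 $emails = explode"\n",...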
Renren seven-year anniversary event lottery machine: the limit can be bypassed for unlimited shakes - vulnerability warning - the black bar safety net
http://seven.renren.com/websitecelebrate has a lottery machine. After shaking it, it gave no result and prompted that the next shake would have to wait one hour. http://s.xnimg.cn/a49632/actimg/12anniversary/js/anniversary.js Found a JS file that contains the 7th anniversary page's...
Adobe Flash Player Embedded Flash Object Code Execution (APSB11-28; CVE-2011-2459)
A remote code execution vulnerability has been reported in Adobe Flash Player. The vulnerability is due to null pointer dereference in the Flash plugin while handling string values. A remote attacker could exploit this vulnerability by enticing a user to open an HTML document containing an embedd...
XMB Forum 1.9.5-Final XSS
XMB Forum 1.9.5 (I have not tested this on earlier versions) allows users to embed flash .swf videos in their posts. Normally, you could set an option on the object tag to say that ActionScript cannot run, but in this case we don't. The way we execute our code is by making a flash movie containing...