27 matches found
Eyou E-Mail <3.6 - Remote Code Execution
Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php via the getloginipconfigfile function. id: CVE-2014-1203 info: name: Eyou E-Mail 3.6 - Remote Code Execution author: pikpik...
Unauthorized Access Vulnerability in eYou Email System
eYou email system is a powerful email system software with independent intellectual property rights, developed by EYou. An unauthorized access vulnerability exists in the eYou email system, which can be exploited by attackers to obtain sensitive information...
Command Execution Vulnerability in eYou Email System
eYou email system is a powerful email system software with independent intellectual property rights, developed by EYou. A command execution vulnerability exists in the eYou email system, which can be exploited by an attacker to gain control of the server...
Command execution vulnerability in the eYou email system (CNVD-2021-32387)
eYou e-mail system is a mail system software with independent intellectual property rights, independently developed by Beijing Yizhong Post Information Technology Co. There is a command execution vulnerability in the eYou email system, which can be exploited by an attacker to gain server control...
CVE-2019-17430
EyouCms through 2019-07-11 has XSS related to the login.php webrecordnum parameter...
Cross-Site Scripting Vulnerability in eYou Email System
eYou email system is a mail system software with independent intellectual property rights, which is independently researched and developed by EYou. As a mail system software and overall solution provider in China, EYou email system provides a professional technology platform and complete network...
Design/Logic Flaw
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
CVE-2014-1203
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
CVE-2014-1203
The NUCLEI template confirms CVE-2014-1203 affects Eyou Mail System prior to 3.6, with a remote code execution via get_login_ip_config_file that processes shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. The vulnerability stems from the get_login_ip_co...
CVE-2014-1203
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
SQL injection vulnerability at /php/admin_login.php in the eyou anti-spam mail gateway system
No description provided by source...
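Misconfiguration on an eyou server (risk of getshell)
Brief description: An eyou server is misconfigured and at risk of getshell. Details: If the absolute web path of mail.you.net is known, redis can be used to write a file and getshell. Proof of vulnerability:...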
eYou mail system stored XSS in the message body (HTML5 features, requires a click) - vulnerability warning - the black bar safety net
Because eyou version numbers differ, the effect of the following test code also differs slightly, but the cause of the vulnerability is the same. Test code: !-- if trueimg onerror=alert1 src=--form action=javascript:alert2input type=submitinput autofocus onfocus=alert3select autofocus...
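eYou mail system stored XSS in the message body 2 (with proof of eYou XSS impact)
Brief description: Something new, affecting Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which lets the message-body XSS obtain all of the user's cookies and so log in. Details: Something new, affecting Chrome. While testing this XSS I found a very serious HttpOnly cookie leak, which lets the message-body XSS obtain all of the user's cookies and so log in. PoC included. (wooyun has several reports about eyou message-body XSS, and your responses were all "a solution already exists" or "the issue is known, thanks for the report". Yet I tested the mail systems of several universities and none of them had been fixed; it feels like you are kidding me.....) Proof of vulnerability:...
eYou mail system stored XSS in the message body (HTML5 features, requires a click)
Brief description: eyou mail system mailboxes are mostly used by government bodies and schools; testing showed that XSS is present. Details: Because eyou version numbers differ, the effect of the test code below also differs slightly, but the cause of the vulnerability is the same. Test code: After sending, open the message; the result is as shown: Mailbox of a party or government body: Mailbox of a college: Proof of vulnerability: Because eyou version numbers differ, the effect of the test code below also differs slightly, but the cause of the vulnerability is the same. Test code: After sending, open the message; the result is as shown: Mailbox of a party or government body:...
eYou mail system stored XSS in the message body
Brief description: Found a stored XSS method that can bypass the filter. Details: Based on testing of the Beijing Institute of Technology eYou mail system, the XSS vectors in the post http://wooyun.org/bugs/wooyun-2010-066645 are all no longer effective. After testing, there are still XSS scripts that can bypass it. Proof of vulnerability: 1. A button tte 2. Directly prompt1te Submit Pop-up...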
Code audit: two getshell and two interesting vulnerabilities in the eyou (billion mail) mail system - vulnerability warning - the black bar safety net
Recently, while doing a penetration test for a company with a market value of over a hundred billion dollars, I found that one domain name was running the million mail system; I then got hold of a copy of the million post source code, looked through it, and found that the system's security is still stuck in the zero years, the...
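eYou mail system stored XSS in the message body
Brief description: As the title says. Details: Older versions never had much defense against XSS, so I didn't bother posting. Recently I saw that an eyou mailbox I have had been upgraded to eyou5. I noticed that the new version has started filtering XSS, so I tested it and found a few problems. 1 Testing a single XSS attack vector, such as: it still holds up. 2 But when things get slightly more complex, your filtering rules cannot cope. For example: alert0 confirm1 prompt2 \u0061\u006C\u0065\u0072\u00743...
eYou v4 /php/bill/list_userinfo.php SQL injection vulnerability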
No description provided by source...
eYou v4 /storage_explore.php command execution vulnerability
No description provided by source...