Design/Logic Flaw
The getloginipconfigfile function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/iploginset/diploginget.php...
CVE-2014-1203
The Nuclei template confirms CVE-2014-1203 affects Eyou Mail System prior to 3.6, with remote code execution via get_login_ip_config_file, which processes shell metacharacters in the domain parameter to admin/domain/ip_login_set/d_ip_login_get.php. The vulnerability stems from the get_login_ip_co...
eYou mail system: stored XSS in the message body (HTML5 features, requires a click) - vulnerability warning - the black bar safety net
Because eYou version numbers differ, the effect of the following test code varies slightly, but the cause of the vulnerability is the same. Test code: !-- if trueimg onerror=alert1 src=--form action=javascript:alert2input type=submitinput autofocus onfocus=alert3select autofocus...
Code audit: eYou (billion mail) mail system, two getshell and two interesting vulnerabilities - vulnerability warning - the black bar safety net
Recently, while doing a penetration test for a company with a market value of over a hundred billion dollars, I found a domain name running the million mail system. I then got hold of a set of the million mail source code and looked through it, and found that the system's security is still stuck in the zero years, the...
Eyou Mail System Remote Code Execution
Hi! The Eyou Mail System has a Remote Code Execution in \inc\fuction.php. It affects versions below 3.6. The vulnerable function is getloginipconfigfile in \inc\fuction.php. function getloginipconfigfile($domain, $file) { $dir = '/var/eyou/Domain/'; $dirmail = exec('/var/eyou/sbin/hashid '.$domain);...
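Official website of 亿中邮 (eYou) Information Technology compromised; admin backend successfully accessed
Brief description: I had nothing in particular to do today. So that they would stop calling me the "blind-attack king", I decided to pick a vendor at random and carry out a script intrusion. That is how I found "亿中邮信息技术". Let me summarize. I did not get a webshell: the backend is set to forbid writes, database backup included, so that was simply not possible. The upload page had also been deleted outright. But your website has serious problems. The whole intrusion took 20 minutes in total, and your backend fell! Below I will roughly describe the overall approach. Detailed description: First, the main site has a feedback form, so I casually inserted some code. But it returned "submitted successfully", and one look showed it was a dedecms page, so I knew it had certainly failed. Then I opened data/admin/ver.txt and found that the version was very old...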