13 matches found
dedecmscan
This is a Python-based vulnerability scanner for the DedeCMS platform. The scanner is designed to identify potential vulnerabilities in the platform, including SQL injection, cross-site scripting (XSS), and other types of attacks. The scanner consists of several modules, each responsible for...
DEDECMS 5.1 /plus/feedback_js.php SQL Injection Vulnerability
No description provided by source...
DedeCMS 5.1 - SQL Injection
No description provided by source. Securitylab.ir Application Info: Name: DEDECMS Version: 5.1 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Vulnerability Risk: Medium...
DedeCMS (织梦) 5.1 feedback_js.php Injection Vulnerability
Likewise usable when magic_quotes_gpc=off. This vulnerability can obtain the back-end administrator's account and encrypted hash. The vulnerability is in the file plus/feedback_js.php, and the unfiltered parameter is $arcurl ...... $urlindex = 0; if(empty($arcID)) $row = $dlist->dsql->GetOne("Select id From @cachefeedbackurl where url='$arcurl' "); // $arcurl is not filtered here if(is_array($row)) $urlindex = $row['id'];...
Sql injection
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
CVE-2009-3806
SQL injection vulnerability in feedback_js.php in DedeCMS 5.1 allows remote attackers to execute arbitrary SQL commands via the arcurl parameter...
CVE-2009-3806
CVE-2009-3806 describes an SQL injection in DedeCMS 5.1, specifically in feedback_js.php where the arcurl parameter can be manipulated to execute arbitrary SQL commands. The issue is exploitable remotely and can impact confidentiality, integrity, and availability according to the provided metrics...
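DEDECMS (织梦) 5.1 plus/feedback_js.php Has an Injection Vulnerability
Usable when magic_quotes_gpc=off. This vulnerability can obtain the back-end administrator's account and encrypted hash. The vulnerability is in the file plus/feedback_js.php, and the unfiltered parameter is $arcurl ...... $urlindex = 0; if(empty($arcID)) $row = $dlist->dsql->GetOne("Select id From @cachefeedbackurl where url='$arcurl' "); // $arcurl is not filtered here if(is_array($row)) $urlindex = $row['id'];...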
DedeCMS 5.1 SQL Injection
No description provided by source. Securitylab.ir Application Info: Name: DEDECMS Version: 5.1 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Vulnerability Risk: Medium...
DeDeCMS 5.1 - SQL Injection
DeDeCMS 5.1 - SQL Injection Securitylab.ir Application Info: Name: DEDECMS Version: 5.1 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Vulnerability Risk: Medium...
DedeCMS <= 5.1 SQL Injection
Exploit for unknown platform in category web applications ============================ DedeCMS dsql->GetOne("Select id From @cachefeedbackurl where url='$arcurl' "); if(is_array($row)) $urlindex = $row['id']; if(empty($arcID) && empty($urlindex)) exit; ...... if(empty($arcID)) $wq = " urlindex = '$urlindex' "; else...
DEDECMS v5.1 Sql Injection Vulnerability
Securitylab.ir Application Info: Name: DEDECMS Version: 5.1 Discovered By: Securitylab.ir Website: http://securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Vulnerability Info: Type: Sql Injection Vulnerability Risk: Medium...
DEDECMS 5.1 feedback_js.php 0DAY-vulnerability warning-the black bar safety net
Author: st0p & Rainy'Fox. Likewise usable when magic_quotes_gpc=off. Vulnerable version: DEDECMS 5.1. This vulnerability can obtain the back-end administrator's account and encrypted hash. The vulnerability is in the file plus/feedback_js.php, and the unfiltered parameter is $arcurl ...... $urlindex = 0; if(empty($arcID)) $row...