New CMS 2.1 Local File Inclusion

=============================================== + TITLE : NEW CMS Local File Inclusion Vulnerability /proc/self/environ + VENDOR : http://new-cms.org/index.php?lng=it&mod=download&pg=indice + VERSION : 2.1 or Later + AUTHOR : R3vanBastard + TESTED ON : Windows + DORK : "New CMS"...

phpmps 2.0 GBK Help.php $keywords SQL注入漏洞

php分类信息发布系统是一款免费开源的分类信息程序,适用于建立本地信息站点 Help.php 文件，取得keywords的值，只用trim函数，去除了首位空，直接带入sql查询 //取得文章列表 $keyword = !empty$REQUEST'keywords' ? trim$REQUEST'keywords' : ''; $typeid = !empty$REQUEST'typeid' ? intval$REQUEST'typeid' : 0; if!empty$keyword $arr = array; $keywords = 'AND '; $keywords .= "titl...