10 matches found
EUVD-2022-7514
Malicious code in bioql PyPI...
EUVD-2021-31710
Malicious code in bioql PyPI...
CVE-2020-21786
In IBOS 4.5.4 Open, Arbitrary File Inclusion causes getshell via /system/modules/dashboard/controllers/CronController.php...
File Upload Vulnerability in Laiku Push Mall System (CNVD-2020-62378)
Laikepush mall system is a system with independent copyright, is an integrated e-commerce system all the functions of the platform. A file upload vulnerability exists in the Laikipu Mall System, which can be exploited by attackers to upload remote files to the server and realize getshell...
duomicms front-end global variable overwrite leads to getshell
...
Authentication Bypass Vulnerability in CFCMS Editor
CFCMS is a self-service website building platform with full Flash as its core. There is an authentication bypass vulnerability in the editor \xmlEditor\eWebEditor\AdminStyle.asp used in CFCMS, which can be exploited by attackers to bypass the authentication and gain server privileges with Getshel...
Drupal 7.31 SQL injection getshell exploit detailed and EXP-vulnerability warning-the black bar safety net
0x00 This vulnerability might indeed be great, and Drupal used more also, using Fuzzing to run the dictionary should be swept out of the many vulnerabilities of the host, but do the bulk may be on the other site cause a lot of loss, so I will just write a Exp is no longer deep down. 0x01 On the...
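phpmywind 5.0 admin back-end GetShell vulnerability
Brief description: This vulnerability was reported before, but the vendor's fix was incomplete. Details: The filtering code in admin/webcongif.php is as follows. //forcibly remove ' //forcibly remove the last character / $vartmp = strreplace"'",'',$row'varvalue'; ifsubstr$vartmp, -1 == '\' $vartmp = substr$vartmp,1,-1; Only the backslash in the last position is filtered, so adding two backslashes is enough... First modify the site configuration information; in configcache.php it becomes this: $cfgwebname = '的网站'; $cfgweburl =...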
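kppw Witkey system file upload vulnerability leads to GetShell
Brief description: File type filtering is not strict, so the upload check can be bypassed. Details: Vulnerable code: /lib/helper/kekefileclass.php, lines 138158 None 2. Prepend Ra Ra to the shell 3. Upload the shell...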
phpdisk vulnerability released — phpdisk header bypass & getShell exp-vulnerability warning-the black bar safety net
Author: Yaseng Team: CodePlay 1: code auditing PHPDISK network disk system is for domestic use wide range of PHP and MySQL to build the network drive file storage management system. The author of its source code analysis, found a very interesting stuff..... Figure a Figure A is install below...