EUVD-2020-10050

Malware in sbrugna...

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

WBCE CMS 代码问题漏洞

WBCE CMS is an open source content management system CMS based on PHP and MySQL. A security vulnerability exists in WBCE CMS v1.5.4, which originates from a getshell that can be realized by modifying the upload file type...

CVE-2022-46020

WBCE CMS v1.5.4 can implement getshell by modifying the upload file type...

Information disclosure

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

CVE-2022-36226

SiteServerCMS 5.X has a Remote-download-Getshell-vulnerability via /SiteServer/Ajax/ajaxOtherService.aspx...

SiteServer CMS 代码问题漏洞

SiteServer CMS is an open-source content management system CMS from China's BioRenewable Software Technology Development Corporation. A security vulnerability exists in SiteServer CMS prior to version V5.1, which is caused by the unrestricted upload of a dangerous type of file getshell that can b...

CVE-2020-21787

CRMEB 3.1.0+ is vulnerable to File Upload Getshell via /crmeb/crmeb/services/UploadService.php...

Zhiyuan OA A8 Getshell vulnerability alerts-a vulnerability alert-the black bar safety net

Recently, 360CERT monitoring to Zhiyuan OA A8 system there is a remote Getshell vulnerabilities, has been in the field use. Zhiyuan OA A8 is a popular collaborative management software, in the medium and large business institutions widespread use. 0x01 vulnerability details Zhiyuan A8+ some versi...

TIPASK问答系统SQL注入二（有多个大型互联网企业案例）

简要描述： 审核真给力，刚提交就通过了 ，赞啊！！！！ 详细说明： 部分案例： 经分析下列文件存在注入 /control/message.php 代码如下 function onremovedialog if$this-post'messageauthor' $authors = $this-post'messageauthor'; $ENV'message'-removebyauthor$authors; $this-message"对话删除成功!", geturlsource; 跟进removebyauthor函数 function removebyauthor$authors...

DouPHP SQL注入一枚

简要描述： 注入 详细说明： 依然是getip的问题， guestbook.php:102行 if $rec == 'insert' / 跨站请求伪造CSRF的防御 / if $firewall-checktoken$POST'token' / html安全过滤器 / $POST = $firewall-doufilter$POST; $ip = $dou-getip; $addtime = time; $vcode = $check-iscaptcha$POST'vcode' ? strtoupper$POST'vcode' : ''; / 检查IP是否频繁留言 /...

qibocms 新闻系统 Getshell (需结合解析漏洞)

简要描述： IIS || Apache。 详细说明： http://bbs.qibosoft.com/down2.php?v=news1.0down 下载地址。 在news/member/post.php中 requireonceMpath."inc/check.postarticle.php"; if$job=='postnew' if$step=='post' postnew; //生成静态 makearticlehtml"$Murl/member/post.php?job=endHTML&aid=$aid"; $mid && $mid继续发表新主题 续发本主题 返回主题列表 查看主...

Discuz! X upgrade/conversion program GETSHELL vulnerability analysis-vulnerability warning-the black bar safety net

0x01 vulnerability analysis Vulnerability root cause in the code comment appears in the wrap, resulting in code execution, the process is as follows: 0x0101 first, from the index. php the 3 row 0 with into. ! enter image description here 0x0102 doconfiginc. php 3, line 7, with the into this...

Discuz! X latest Getshell vulnerabilities EXp(comes with the plug-in)-bug warning-the black bar safety net

dz0day published In fact, we're knife inside has been playing the scrap -. - By worship under the maniac a large cattle... === Looking at before we begin to be like the clouds submitted to the author of the tribute, because it is He that title only makes us sharp knives team to research out, of...

Restaurant cms getshell vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability type: code execution Keywords: inurl:index. php? m=shopcar The problem is in the/install/index. php file. In the program after the installation, will be in the program root directory generated under the install. lock file. And the/install/index. php in to determine whether there is...

Oblog 4.5-4.6 access&mssql getshell 0day-vulnerability warning-the black bar safety net

Impact range: 4.5 - 4.6 Vulnerability requirements: IIS6. 0\Open Membership Mining author:henry Absolute originality, technical content is not high,but the impact of the relatively wide range of.. Vulnerability file: AjaxServer. asp 3 of 7 2 rows logfilename = TrimRequest"filename"//not filter...

cyask system background Getshell vulnerabilities-vulnerability warning-the black bar safety net

cyask will set the parameters to the write cache, the write cache when removed from the database unfiltered data directly to write the file, resulting in can get webshell Analysis: admin/settingmanage. php file: ? php adminfooter; exit; elseif$adminaction=='settingedit' ifisset$POST'editsubmit'...