415 matches found
Authentication Bypass Vulnerability in CFCMS Editor
CFCMS is a self-service website building platform with full Flash as its core. There is an authentication bypass vulnerability in the editor \xmlEditor\eWebEditor\AdminStyle.asp used in CFCMS, which can be exploited by attackers to bypass the authentication and gain server privileges with Getshel...
Arbitrary File Upload Vulnerability in inxedu Online Classroom
The Incu open source online school system is the first Java version of an open source online school system, launched by Beijing Incu Times Technology Co., Ltd. The inxedu online classroom has an arbitrary file upload vulnerability; the vulnerability arises...
Phpcms V9.6.0 arbitrary file write getshell vulnerability analysis-vulnerability warning-the black bar safety net
1 Introduction: It is said to be one that has been around in the underground for half a 0day and was recently disclosed. It is in the membership registration page, so this vulnerability can be used without logging in, which makes it more powerful. 2 Vulnerability analysis: Follow up on the registration...
FineCMS AttachmentController arbitrary file upload vulnerability
Source link: http://www.hackersb.cn/shenji/170.html This is still AttachmentController. Of course, this time it is not as simple as uploading a file through kindeditorupload and then including that file; the uploaded script is executed directly. This time the problem is in the ajaxswfuploadAction method; the method code is...
IwebSNS System Arbitrary File Upload Vulnerability
IwebSNS is a high-load open source SNS software based on the iwebSuperInteraction (iweb SI for short) framework. An arbitrary file upload vulnerability exists in the IwebSNS system, allowing attackers to exploit the vulnerability to getshell...
DedeCms: process and ideas for using Csrf with the Execute sql statement function to create a file and getshell-vulnerability warning-the black bar safety net
I from spring and autumn author: Szdny 00x01 ver.txt version 20160816 Because XAl3r submitted a patch, the latest version can no longer reproduce it, so I specifically asked him for a previous version in order to write this article! Here is the Csrf trigger point; we create a...
Finecms 2.0.1 background GETSHELL 0DAY-vulnerability warning-the black bar safety net
FineCMS has a cache function and, as with Wordpress, the cache file name is not random and the suffix is php, which makes it possible to getshell through the background cache function. Below is the Payload: POST /inde...
phpwind 9.x Md5 Padding Extension vulnerability analysis-vulnerability warning-the black bar safety net
0x00 Preface This is one of the more interesting vulnerabilities. The exploit has already been submitted on WooYun (http://www.wooyun.org/bugs/wooyun-2016-0210850), the vendor has also released a patch (http://www.phpwind.net/read/3709549), and security researcher phithon also promptly published his vulnerability analysis...
Design Logic Vulnerabilities in FineCMS Backend Template Management
FineCMS is a web content management system developed by Chengdu Tianrui Information Technology Company Limited based on CI framework. There is a design flaw in the Edit Template Files feature in the Template Management of the FineCMS administration backend that does not check the extensions of th...
B2Bbuilder v7.0.1 install.php design flaw allows unrestricted getshell
0x01 Vulnerability summary: B2Bbuilder v7.0.1 has a design flaw in the file install.php that allows unrestricted getshell. 0x02 Vulnerability details: /install/install.php if($action == "setup") //check whether the parameters are complete $dbhost = $_GET['dbhost']; $port = $_GET['port']; $dbname = $_GET['dbname']; $dbuser = $_GET['dbuser']; $dbpassword = $_GET['dbpassword']; $tableprefix = $_GET['tableprefix']; $guid =...
Arbitrary command execution vulnerability in internet behavior management devices from Topsec (天融信) and other vendors
Two arbitrary command executions, no login required: First: if(key_exists("texttarget", $_GET) && key_exists("textpingcount", $_GET) && key_exists("textpacketsize", $_GET)) $texttarget = $_GET["texttarget"]; $textpingcount = $_GET["textpingcount"]; $textpacketsize = $_GET["textpacketsize"]; $pingcmd = sprintf("ping %s -c %s -s %s", $texttarget, $textpingcount,...
Chanzhi (蝉知) CMS 5.3 CSRF getshell
Brief description: Chanzhi CMS 5.3 CSRF getshell Details: /system/module/package/control.php public function upload($type = 'extension') { $this->view->canManage = array('result' => 'success'); if(!$this->loadModel('guarder')->verify()) $this->view->canManage = $this->loadModel('common')->verifyAdmin(); if($_SERVER['REQUEST_METHOD'] == 'POST'...
AppCan vulnerability spree(AppCan weak password\XSS\SQL injection\sensitive files leaked\weak password\file upload vulnerability collection)-vulnerability warning-the black bar safety net
While testing the robustness of a discuz scan tool I wrote myself, I found a backup file http://bbs.appcan.cn//config/configucenter.php.bak Using the uckey to getshell failed; testing showed the uckey had been changed. Continuing to test, I found a suspected injection point http://edu.appcan.cn/traindetailnew.html?...
Injection vulnerability in a Kingdee platform (Getshell possible)
Brief description: RT Details: Vulnerable site: online.kingdee.com The live800 platform has an injection vulnerability POST //live800/sta/export/referrerSta.jsp HTTP/1.1 Host: online.kingdee.com User-Agent: Mozilla/5.0 Windows NT 6.3; rv:36.0 Gecko/20100101 Firefox/36.04 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language:...
MetInfo5.1 arbitrary file upload vulnerability (getshell possible)
No description provided by source...
Tipask 2.5 setting.php has a CSRF vulnerability (getshell possible when combined with xss)
No description provided by source...
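Wukong CRM (悟空CRM): vulnerability analysis, from no privileges to Getshell
Brief description: This is a getshell that requires no account. This vulnerability is meant specifically as a slap in the face for a certain someone, haha. It also comes with a small, fairly practical trick for identifying a certain something. Details: Most of Wukong CRM's functionality requires login, and vulnerabilities that need a login are of little value, so I am posting a privilege escalation: from no privileges at all, to taking administrator privileges, to getshell. Look at the permission-checking class App/Lib/Behavior/AuthenticateBehavior.class.php: class AuthenticateBehavior extends Behavior { protected $options = array(); public function run(&$params) { $m = MODULENAM...
Weaver (泛微) e-office V8.50820 login_other.php sql injection allows getshell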
No description provided by source...
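PHPYUN arbitrary file upload leads to GETSHELL
Brief description: So simple you can hardly imagine it: as long as the site still allows registration you can GETSHELL, regardless of GPC and regardless of the WAF. Version 4.1beta; other versions not tested. Details: 1. While auditing PHPYUN I was at one point quite speechless about PHPYUN's WAF, but while everyone was obsessed with looking for SQL injection vulnerabilities, a very simple upload vulnerability was indeed overlooked. First locate the vulnerable file wap/member/model/index.class.php function photoaction() { if($_POST['submit']) preg_match('/^data:\simage/\w+;base64,/', $_POST['uimage'], $result);...
phpshe v1.1 index.php has a local file inclusion vulnerability that allows getshell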
No description provided by source...