Lucene search
K

320 matches found

seebug.org
seebug.org
added 2014/07/01 12:0 a.m.22 views

LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit

官网链接: http://www.lokicms.com/ 影响版本:= 0.3.4 概述: LokiCMS 0.3.4及之前版本中的index.php存在目录遍历漏洞。当magicquotesgpc被中止时,远程攻击者可以借助页参数中的"..",来检查任意文件是否存在。 漏洞页面: vuln file: index.php 漏洞代码: if isset $GET && isset $GET'page' $pagename = stripslashes trim $GET'page' ; // load the page if $pagename == '' $name =...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.20 views

HLStats <= 1.34 - (hlstats.php) Remote SQL Injection Exploit

No description provided by source. brb ?php / Live Exploit Code SQL Inection + Path Disclosure Affects HLStats HLStats =1.34 and Hlstats = 1.20 works with magicquotesgpc=On by Michael Brooks / print titleHLStats SQL Injection Exploit/title body bgcolor='009900' font color='FF0000'...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability

No description provided by source. MySQL Quick Admin = 1.5.5 COOKIE Local File Inclusion Vulnerability url: http://www.mysqlquickadmin.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.12 views

smbind <= 0.4.7 - SQL Injection Vulnerability

No description provided by source. smbind = v.0.4.7 Sql Injection Site: https://sourceforge.net/projects/smbind/files/ Reported on 28/08/2010 Author: IHTeam Buggy code: ifisset$POST'username' && isset$POST'password' if!filteralphanum, $POST'username' or !filteralphanum, $POST'password' dieUsernam...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.19 views

minitwitter 0.3-beta (sql/xss) Multiple Vulnerabilities

No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.38 views

unclassified newsboard 1.6.4 - Multiple Vulnerabilities

No description provided by source. Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork This board is powered by the Unclassified NewsBoard software, 1.6.4 Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.17 views

Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit

No description provided by source. !/usr/bin/env perl Flatnuke = 2.7.1 level Privilege Escalation 0-day Exploit Description ----------- Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to 'sections/noneLogin/section.php' script not properly sanitizing use...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.25 views

Gallo 0.1.0 - Remote File Include Vulnerability

No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/06/20 12:0 a.m.13 views

TinyShop v1.0.1 SQL注射 可致数据库信息泄露

简要描述: TinyShop v1.0.1 SQL注射 可致数据库信息泄露(官网演示+源码分析) 无视gpc 详细说明: /protected/controllers/ajax.php //团购结束更新 public function groupbuyend $id = Req::args'id'; //取得id if$id $item = $this-model-table"groupbuy"-where"id=$id"-find; //无视GPC,直接带入查询 $enddiff = time-strtotime$item'endtime'; if$enddiff0...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/03/18 12:0 a.m.29 views

74cms某功能注入漏洞(有条件)

简要描述: 略鸡肋,分享出来。 详细说明: 最新版v3.4,更新时间20140310 文件/plus/weixin.php responseMsg函数,使用 $postStr = $GLOBALS"HTTPRAWPOSTDATA"; 获得了post数据。所以,可以无视GPC。 获得的数据是XML格式,我们一会发送数据包即可。 继续看该函数: if !empty$postStr $postObj = simplexmlloadstring$postStr, 'SimpleXMLElement', LIBXMLNOCDATA; $fromUsername =...

7AI score
Exploits0
myhack58
myhack58
added 2014/03/10 12:0 a.m.19 views

DEDECMS full version disregard for GPC injection exp-vulnerability warning-the black bar safety net

? php printr " +------------------------------------+ DEDECMS full version disregard for GPC injection code by :Sunshie Usage:$argv0 domain Example: php.exe$argv0 www.phpinfo.me +------------------------------------+ " ; if$argv1=="" exit"do not tease than we're still good friends"; else...

0.7AI score
Exploits0
seebug.org
seebug.org
added 2014/02/24 12:0 a.m.89 views

Ecmall 2.3.0本地文件包含漏洞

简要描述: 文件包含,受到gpc和php版本限制 详细说明: 漏洞文件:admin/app/plugin.app.php 思路来源于: WooYun: Ecmall 2.3 File Inclusion Vulnerability(鸡肋) function getplugininfo$id //id参数存在文件包含漏洞 $plugininfopath = ROOTPATH . '/external/plugins/' . $id . '/plugin.info.php'; return include$plugininfopath;...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2013/10/01 12:0 a.m.66 views

RHEL 5 : php53 (RHSA-2013:1307)

The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapiheaderop %0D sequence handling security bypass CVE-2011-1398...

10CVSS7.9AI score0.10467EPSS
Exploits5References23
RedHat Linux
RedHat Linux
added 2013/09/30 8:30 p.m.6 views

php: PG(magic_quote_gpc) was not restored on shutdown

PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...

6.8CVSS5.9AI score0.06709EPSS
Exploits2References4
seebug.org
seebug.org
added 2013/09/26 12:0 a.m.18 views

织梦内容管理系统(DedeCms) 小说模块insert注入漏洞

DedeCms是免费的PHP网站内容管理系统。 织梦内容管理系统DedeCms 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用用户最多的PHP类CMS系统。 在gpc=off的情况下,小说模块添加章节insert注入漏洞。 0 Dedecms 厂商补丁: dedecms ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.dedecms.com/products/dedecms/...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2013/09/19 12:0 a.m.115 views

PHPCMS v9.3.4 content.php SQL注入漏洞

PHPCMS全版本通杀SQL注入漏洞,测试版本为V9.5.3版本,2014-05-12之前的 存在漏洞的文件/phpcms/modules/member/content.php 202行 edit函数 $info = array; foreach$POST'info' as $k=$v ifinarray$k, $fields $POST'info'$k = newhtmlspecialcharstrimscript$v; $POST'linkurl' = strreplacearray'"','','',",",'...

7.1AI score
Exploits0
myhack58
myhack58
added 2013/08/25 12:0 a.m.13 views

ShopEx4. 8 5 the latest version SQL injection-vulnerability warning-the black bar safety net

ShopEx4. 8 5 the latest versionof SQL injection, no need to login, through the GPC, you can directly query the administrator password and echo What not to say, directly on the use of the code, The following html is saved as a html file, change the localhost portion of the site's real address: for...

0.1AI score
Exploits0
seebug.org
seebug.org
added 2013/07/25 12:0 a.m.31 views

Destoon B2B建站软件最新版SQL盲注漏洞

简要描述: Destoon B2B建站存在SQL注入漏洞(已经打了20130703补丁) 详细说明: /module/mall/buy.inc.php 这个文件,除了已经修复了的知道创宇上报的那个注入点,还存在其他注入点。 if$submit require DTROOT.'/module/'.$module.'/cart.class.php'; $do = new cart; $cart = $do-get; if$post $add = arraymap'trim', $add; $add'address' = areapos$add'areaid', ''.$add'address...

7AI score
Exploits0
seebug.org
seebug.org
added 2013/06/07 12:0 a.m.14 views

phpcms 2007 onunload.inc.php update SQL注入漏洞

code!--?php defined'INPHPCMS' or exit'Access Denied'; $serverid ? 1 : showmessage$LANG'illegaloperation'; $db---query"UPDATE ".TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; 2 ?/code $serverid没有进行任何过滤也没有用单引号括起来,所以无视gpc。 核心文件include\common.inc.php里大概80左右变量覆盖漏洞。...

7AI score
Exploits0
seebug.org
seebug.org
added 2013/04/23 12:0 a.m.286 views

ecshop最新2.7.3版本后台本地包含漏洞

简要描述: ecshop最新2.7.3版本后台本地包含漏洞 详细说明: admin/integrate.php文件,110行 $code = empty$GET'code' ? '' : trim$GET'code'; if empty$code || fileexistsROOTPATH . DATADIR . '/integrate' . $code . 'log.php' sysmsg$LANG'lostintalllog', 1; includeROOTPATH . DATADIR . '/integrate' . $code . 'log.php'; 1. $code 未过滤 ...

7.1AI score
Exploits0
Rows per page
Query Builder