320 matches found
LokiCMS <= 0.3.4 (index.php page) Arbitrary Check File Exploit
官网链接: http://www.lokicms.com/ 影响版本:= 0.3.4 概述: LokiCMS 0.3.4及之前版本中的index.php存在目录遍历漏洞。当magicquotesgpc被中止时,远程攻击者可以借助页参数中的"..",来检查任意文件是否存在。 漏洞页面: vuln file: index.php 漏洞代码: if isset $GET && isset $GET'page' $pagename = stripslashes trim $GET'page' ; // load the page if $pagename == '' $name =...
HLStats <= 1.34 - (hlstats.php) Remote SQL Injection Exploit
No description provided by source. brb ?php / Live Exploit Code SQL Inection + Path Disclosure Affects HLStats HLStats =1.34 and Hlstats = 1.20 works with magicquotesgpc=On by Michael Brooks / print titleHLStats SQL Injection Exploit/title body bgcolor='009900' font color='FF0000'...
MySQL Quick Admin <= 1.5.5 (COOKIE) Local File Inclusion Vulnerability
No description provided by source. MySQL Quick Admin = 1.5.5 COOKIE Local File Inclusion Vulnerability url: http://www.mysqlquickadmin.com/ Author: JosS mail: sys-projectathotmaildotcom site: http://spanish-hackers.com team: Spanish Hackers Team - SHT This was written for educational purpose. Use...
smbind <= 0.4.7 - SQL Injection Vulnerability
No description provided by source. smbind = v.0.4.7 Sql Injection Site: https://sourceforge.net/projects/smbind/files/ Reported on 28/08/2010 Author: IHTeam Buggy code: ifisset$POST'username' && isset$POST'password' if!filteralphanum, $POST'username' or !filteralphanum, $POST'password' dieUsernam...
minitwitter 0.3-beta (sql/xss) Multiple Vulnerabilities
No description provided by source. || || || -----------------------------------------\ == -- ----------- ---------------------------- ------------------/ ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O ¡PROUD TO BE SPANISH! ---------------------...
unclassified newsboard 1.6.4 - Multiple Vulnerabilities
No description provided by source. Author girex Homepage girex.altervista.org Date 31/05/2009 CMS Unclassified NewsBoard 1.6.4 and maybe lower Dork This board is powered by the Unclassified NewsBoard software, 1.6.4 Multiple remote vulnerabilities 1 Remote SQL Injection php.ini regardless 2 Logs...
Flatnuke <= 2.7.1 (level) Remote Privilege Escalation Exploit
No description provided by source. !/usr/bin/env perl Flatnuke = 2.7.1 level Privilege Escalation 0-day Exploit Description ----------- Flatnuke contains one flaw that may allow a user to become administrator. The issue is due to 'sections/noneLogin/section.php' script not properly sanitizing use...
Gallo 0.1.0 - Remote File Include Vulnerability
No description provided by source. 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ /'\ \ /\ \ \ \ /'\ 0 0 \ \ /\ /\ \ \ \ /\ \ \ /\ /\ \ \ \ \ \ \ / 1 1 \ \ \ \\ \ \ /\ \...
TinyShop v1.0.1 SQL注射 可致数据库信息泄露
简要描述: TinyShop v1.0.1 SQL注射 可致数据库信息泄露(官网演示+源码分析) 无视gpc 详细说明: /protected/controllers/ajax.php //团购结束更新 public function groupbuyend $id = Req::args'id'; //取得id if$id $item = $this-model-table"groupbuy"-where"id=$id"-find; //无视GPC,直接带入查询 $enddiff = time-strtotime$item'endtime'; if$enddiff0...
74cms某功能注入漏洞(有条件)
简要描述: 略鸡肋,分享出来。 详细说明: 最新版v3.4,更新时间20140310 文件/plus/weixin.php responseMsg函数,使用 $postStr = $GLOBALS"HTTPRAWPOSTDATA"; 获得了post数据。所以,可以无视GPC。 获得的数据是XML格式,我们一会发送数据包即可。 继续看该函数: if !empty$postStr $postObj = simplexmlloadstring$postStr, 'SimpleXMLElement', LIBXMLNOCDATA; $fromUsername =...
DEDECMS full version disregard for GPC injection exp-vulnerability warning-the black bar safety net
? php printr " +------------------------------------+ DEDECMS full version disregard for GPC injection code by :Sunshie Usage:$argv0 domain Example: php.exe$argv0 www.phpinfo.me +------------------------------------+ " ; if$argv1=="" exit"do not tease than we're still good friends"; else...
Ecmall 2.3.0本地文件包含漏洞
简要描述: 文件包含,受到gpc和php版本限制 详细说明: 漏洞文件:admin/app/plugin.app.php 思路来源于: WooYun: Ecmall 2.3 File Inclusion Vulnerability(鸡肋) function getplugininfo$id //id参数存在文件包含漏洞 $plugininfopath = ROOTPATH . '/external/plugins/' . $id . '/plugin.info.php'; return include$plugininfopath;...
RHEL 5 : php53 (RHSA-2013:1307)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2013:1307 advisory. - php: paths with NULL character were considered valid CVE-2006-7243 - PHP: sapiheaderop %0D sequence handling security bypass CVE-2011-1398...
php: PG(magic_quote_gpc) was not restored on shutdown
PHP before 5.3.10 does not properly perform a temporary change to the magicquotesgpc directive during the importing of environment variables, which makes it easier for remote attackers to conduct SQL injection attacks via a crafted request, related to main/phpvariables.c, sapi/cgi/cgimain.c, and...
织梦内容管理系统(DedeCms) 小说模块insert注入漏洞
DedeCms是免费的PHP网站内容管理系统。 织梦内容管理系统DedeCms 以简单、实用、开源而闻名,是国内最知名的PHP开源网站管理系统,也是使用用户最多的PHP类CMS系统。 在gpc=off的情况下,小说模块添加章节insert注入漏洞。 0 Dedecms 厂商补丁: dedecms ------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.dedecms.com/products/dedecms/...
PHPCMS v9.3.4 content.php SQL注入漏洞
PHPCMS全版本通杀SQL注入漏洞,测试版本为V9.5.3版本,2014-05-12之前的 存在漏洞的文件/phpcms/modules/member/content.php 202行 edit函数 $info = array; foreach$POST'info' as $k=$v ifinarray$k, $fields $POST'info'$k = newhtmlspecialcharstrimscript$v; $POST'linkurl' = strreplacearray'"','','',",",'...
ShopEx4. 8 5 the latest version SQL injection-vulnerability warning-the black bar safety net
ShopEx4. 8 5 the latest versionof SQL injection, no need to login, through the GPC, you can directly query the administrator password and echo What not to say, directly on the use of the code, The following html is saved as a html file, change the localhost portion of the site's real address: for...
Destoon B2B建站软件最新版SQL盲注漏洞
简要描述: Destoon B2B建站存在SQL注入漏洞(已经打了20130703补丁) 详细说明: /module/mall/buy.inc.php 这个文件,除了已经修复了的知道创宇上报的那个注入点,还存在其他注入点。 if$submit require DTROOT.'/module/'.$module.'/cart.class.php'; $do = new cart; $cart = $do-get; if$post $add = arraymap'trim', $add; $add'address' = areapos$add'areaid', ''.$add'address...
phpcms 2007 onunload.inc.php update SQL注入漏洞
code!--?php defined'INPHPCMS' or exit'Access Denied'; $serverid ? 1 : showmessage$LANG'illegaloperation'; $db---query"UPDATE ".TABLEMOVIESERVER." SET num = num-1 WHERE serverid = $serverid AND num 0 "; 2 ?/code $serverid没有进行任何过滤也没有用单引号括起来,所以无视gpc。 核心文件include\common.inc.php里大概80左右变量覆盖漏洞。...
ecshop最新2.7.3版本后台本地包含漏洞
简要描述: ecshop最新2.7.3版本后台本地包含漏洞 详细说明: admin/integrate.php文件,110行 $code = empty$GET'code' ? '' : trim$GET'code'; if empty$code || fileexistsROOTPATH . DATADIR . '/integrate' . $code . 'log.php' sysmsg$LANG'lostintalllog', 1; includeROOTPATH . DATADIR . '/integrate' . $code . 'log.php'; 1. $code 未过滤 ...