
1933 matches found

seebug.org
added 2013/06/11 12:0 a.m. (12 views)

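espcms admin backend getshell-3, which can also force the administrator to getshell through CSRF interaction

Brief description: Detailed explanation: The template-editing function in the admin backend is unfiltered, so PHP code can be inserted into a template (phpinfo is used here for ease of demonstration Normally, the impact of a backend getshell should be fairly low, because it requires administrator privileges. However, espcms backend operations carry no token, so through CSRF interaction the administrator can be forced to do many things. The request that changes the template into a shell is as follows: There is no token, so an auto-submitting form can be given to the administrator to click, and the getshell then happens automatically. (The focus here is the backend getshell, so CSRF is not discussed further; for a detailed POC see some of the vulnerabilities I submitted previously) Proof of vulnerability:...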

AI score: 7.1
Exploits: 0
Packet Storm
added 2013/05/13 12:0 a.m. (38 views)

Sony PSN Community Lithium Forums 2012 Q4 Script Insertion

Title: Sony PSN Community - Mail Encoding Web Vulnerability
Date: 2013-05-05
References: http://www.vulnerability-lab.com/getcontent.php?id=748
VL-ID: 747
Common Vulnerability Scoring System: 3.1
Introduction: ...

AI score: 0.1
Exploits: 0
Packet Storm
added 2013/05/13 12:0 a.m. (19 views)

Sony PSN Community Lithium Forums 2012 Q4 Script Insertion

Title: Sony PSN Community - Mail Encoding Web Vulnerability
Date: 2013-05-06
References: http://www.vulnerability-lab.com/getcontent.php?id=748
VL-ID: 748
Common Vulnerability Scoring System: 3.1
Introduction: ...

AI score: 0.1
Exploits: 0
securityvulns
added 2013/05/06 12:0 a.m. (62 views)

Vanilla Forums 2.0.18 / SQL-Injection / Insert arbitrary user & dump usertable

Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on: Windows Server 2003 Apache 2.4.3 PHP 5.4.7 MySQL 5.5.27 Vulnerability Overview: SQL-Injection is possible, because $_POST arrays are not properly sanitized. You do not need to be authenticated. Vulnerability...

Exploits: 0
Exploit DB
added 2013/04/08 12:0 a.m. (34 views)

Vanilla Forums 2-0-18-4 - SQL Injection

Exploit Title: Vanilla Forums - SQL-Injection - Insert arbitrary user & dump usertable Date: 04/05/2013 Exploit Author: bl4ckw0rm Vendor Homepage: http://vanillaforums.org/ Version: 2-0-18-4 Tested on: Windows Product Name: Vanilla Forums Vulnerable Version: Up to vanilla-core-2-0-18-4 Tested on:...

AI score: 7.4
Exploits: 0
exploitpack
added 2013/04/08 12:0 a.m. (13 views)

Vanilla Forums 2-0-18-4 - SQL Injection

Vanilla Forums 2-0-18-4 - SQL Injection Exploit Title: Vanilla Forums - SQL-Injection - Insert arbitrary user & dump usertable Date: 04/05/2013 Exploit Author: bl4ckw0rm Vendor Homepage: http://vanillaforums.org/ Version: 2-0-18-4 Tested on: Windows Product Name: Vanilla Forums Vulnerable Version...

AI score: 1.2
Exploits: 0
0day.today
added 2013/03/13 12:0 a.m. (26 views)

Microsoft Office PowerPoint 2007 Memory Corruption

When you insert a sound into Microsoft Office PowerPoint 2007, the software crashes. It was tested on Office 2007; all versions may be affected too ...

AI score: 6.8
Exploits: 0
0day.today
added 2013/02/26 12:0 a.m. (36 views)

MTP Image Gallery 1.0 XSS Vulnerability

Exploit for php platform in category web applications MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input type=...

AI score: 7.1
Exploits: 0
exploitpack
added 2013/02/26 12:0 a.m. (15 views)

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / input type="hidden" name="ins...

AI score: 0.2
Exploits: 0
exploitpack
added 2013/02/26 12:0 a.m. (21 views)

MTP Image Gallery 1.0 - edit_photos.php?title Cross-Site Scripting

MTP Image Gallery 1.0 - edit_photos.php?title Cross-Site Scripting MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input typ...

Exploits: 0
0day.today
added 2013/02/26 12:0 a.m. (27 views)

MTP Guestbook 1.0 - Multiple XSS Vulnerabilities

Exploit for php platform in category web applications MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / form method="POST" action="http://localhost/mtpguestbook/inse...

AI score: 7.1
Exploits: 0
exploitpack
added 2013/02/26 12:0 a.m. (16 views)

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / input...

AI score: 7
Exploits: 0
0day.today
added 2013/02/26 12:0 a.m. (20 views)

MTP Poll 1.0 - Multiple XSS Vulnerabilities

Exploit for php platform in category web applications MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / inpu...

AI score: 7.1
Exploits: 0
Exploit DB
added 2013/02/26 12:0 a.m. (21 views)

MTP Poll 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / input type="hidden" na...

AI score: 7
Exploits: 0
Exploit DB
added 2013/02/26 12:0 a.m. (20 views)

MTP Guestbook 1.0 - Multiple Cross-Site Scripting Vulnerabilities

MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / scri...

AI score: 7.4
Exploits: 0
Exploit DB
added 2013/02/26 12:0 a.m. (33 views)

MTP Image Gallery 1.0 - 'edit_photos.php?title' Cross-Site Scripting

MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input type="hidden" name="rat...

AI score: 7.4
Exploits: 0
Packet Storm
added 2013/02/25 12:0 a.m. (36 views)

MTP Poll 1.0 Cross Site Scripting

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / alert2;' / inpu...

AI score: 7.4
Exploits: 0
Packet Storm
added 2013/02/25 12:0 a.m. (28 views)

MTP Image Gallery 1.0 Cross Site Scripting

MTP Image Gallery 1.0 title Remote Script Insertion Vulnerability alert1;' / input typ...

AI score: 0.1
Exploits: 0
Packet Storm
added 2013/02/25 12:0 a.m. (19 views)

MTP Guestbook 1.0 Cross Site Scripting

MTP Guestbook 1.0 Multiple Remote Script Insertion Vulnerabilities alert1;' / input type="hidden" name="insc...

AI score: 7.4
Exploits: 0
Zero Science Lab
added 2013/02/25 12:0 a.m. (34 views)

MTP Poll 1.0 Multiple Remote Script Insertion Vulnerabilities

Summary More than poll is a polling system with a powerful administration tool. It features: multiple pools, templates, unlimited options, IP Logging, cookie support, and more. Description MTP Poll script suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered...

AI score: 6
Exploits: 0