22 matches found

Positive Technologies
added 2026/03/19 12:0 a.m. | 2 views

PT-2026-26475

Summary The setPassword.json.php endpoint in the CustomizeUser plugin allows administrators to set a channel password for any user. Due to a logic error in how the submitted password value is processed, any password containing non-numeric characters is silently coerced to the integer zero before...

CVSS 5.1 | AI score 5.9 | EPSS 0.00055
Exploits: 1 | References: 5
Tenable Nessus
added 2017/06/26 12:0 a.m. | 66 views

Tenable SecurityCenter PHP < 5.6.27 Multiple Vulnerabilities

The Tenable SecurityCenter application installed on the remote host is missing a security patch. It is, therefore, affected by multiple vulnerabilities in the bundled version of PHP : - A use-after-free error exists in the unserialize function that allows an unauthenticated, remote attacker to...

CVSS 9.8 | AI score 8.8 | EPSS 0.00942
Exploits: 1 | References: 2
Exploit DB
added 2016/10/14 12:0 a.m. | 27 views

Fashion Shopping Cart 0.1 - SQL Injection

Exploit Title.............. Fashion Shopping Cart SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10435 Software Link...

AI score 7.4
Exploits: 0
exploitpack
added 2016/10/14 12:0 a.m. | 8 views

Fashion Shopping Cart 0.1 - SQL Injection

Fashion Shopping Cart 0.1 - SQL Injection Exploit Title.............. Fashion Shopping Cart SQL Injection Google Dork................ N/A Date....................... 14/10/2016 Exploit Author............. lahilote Vendor Homepage............ http://www.sourcecodester.com/node/10435 Software...

AI score 0.2
Exploits: 0
seebug.org
added 2015/07/09 12:0 a.m. | 31 views

shopnc O2O edition: three SQL injections, bundled

Brief description: Data is returned directly. Details: First, five real-world Internet examples http://www.0795hui.com/circle/index.php?act=api&op=getthemelist&datacount=1%20procedure%20analyseextractvaluerand,concat0x3a,user,1 http://www.hfmy.cc/modules/circle/index.php?act=api&op=getthemelist&datacount=1%20procedure%20analyseextractvaluerand,concat0x3a,user,1...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

siteengine 5.x Multiple Vulnerabilities

No description provided by source. SiteEngine 5.x Multiple Remote Vulnerabilities Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability. -=0x01=- SQL injection Vulnerability vul code like this: if intval $i...

AI score 7.1
Exploits: 0
seebug.org
added 2014/06/26 12:0 a.m. | 27 views

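Apple CMS detection-bypass SQL injection, part four (bypassing 360 protection)

Brief description: It turns out everything I said earlier was wasted breath; the vendor did not understand it (囧~). Judging from the reply, they put the blame on 360safe3.php. I won't post any more; here is a summary of the cause. Details: index.php: $m = be'get','m'; ifstrpos$m,'.' $m = substr$m,0,strpos$m,'.'; $par = explode'-',$m; $parlen = count$par; $ac = $par0; ifempty$ac $ac='vod'; $method='index'; $colnum = array"id","pg","yaer","typeid","classid";...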

AI score 7
Exploits: 0
seebug.org
added 2014/06/05 12:0 a.m. | 22 views

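phpdisk V7: one injection (data returned directly).

Brief description: PHPDisk network disk system v7.0, 20140529 update: fixed files not being displayed after cloud upload; fixed the system CAPTCHA being unusable on some hosts. Dragon Boat Festival holiday, time to get going. Details: WooYun: phpdisk V7 sql injection 2. After that hole was disclosed, let's see how phpdisk fixed it. $file = unserializebase64decode$data; /foreach$file as $k=$v $file$k = $db-escape$file$v; / //I don't understand why this is commented out; if it were not commented out, this problem would not occur. $filefileid = int$filefileid; $filefilesize ...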

AI score 7.1
Exploits: 0
myhack58
added 2009/12/12 12:0 a.m. | 33 views

About the 2 latest ipb vulnerabilities - vulnerability warning - the black bar safety net

5up3rh3i'blog Vulnerability Bulletin 1. Local include vulnerability: this is mainly because ipb's own friendly-URL function does not fully filter the parameters it extracts from the url, or relies too heavily on the filtering in IPSLib::cleanGlobals, and simply ignores the parameter...

AI score 1
Exploits: 0
0day.today
added 2009/08/03 12:0 a.m. | 19 views

Discloser 0.0.4-rc2 (index.php more) SQL Injection Vulnerability

Exploit for unknown platform in category web applications ================================================================ Discloser 0.0.4-rc2 index.php more SQL Injection Vulnerability ================================================================ Salvatore "drosophila" Fresta + Application:...

AI score 7.1
Exploits: 0
Exploit DB
added 2009/08/03 12:0 a.m. | 23 views

Discloser 0.0.4-rc2 - 'index.php?more' SQL Injection

Salvatore "drosophila" Fresta + Application: Discloser + Version: 0.0.4-rc2 + Website: http://discloser.sourceforge.net/ + Bugs: A SQL Injection + Exploitation: Remote + Date: 21 Feb 2004 + Discovered by: Salvatore Fresta aka drosophila + Author: Salvatore Fresta aka drosophila + E-mail:...

AI score 7.4
Exploits: 0
myhack58
added 2009/07/27 12:0 a.m. | 14 views

Analysis of security vulnerabilities caused by improper use of intval() - vulnerability warning - the black bar safety net

author: xy780sec.com from: A description of the classification. The intval function has two characteristics: "conversion does not begin until a digit or a plus or minus sign is encountered, and it ends when a non-numeric character or the string terminator \0 is encountered", in certain...

AI score 7.8
Exploits: 0
myhack58
added 2009/05/13 12:0 a.m. | 20 views

Analysis of security vulnerabilities caused by improper use of intval() - vulnerability warning - the black bar safety net

author: xy780sec.com from: http://www.80vul.com/pch/ A description of the classification. The intval function has two characteristics: "conversion does not begin until a digit or a plus or minus sign is encountered, and it ends when a non-numeric character or the string terminator \0...

AI score 7.6
Exploits: 0
myhack58
added 2009/04/30 12:0 a.m. | 206 views

Analysis of security vulnerabilities caused by improper use of intval() - vulnerability warning - the black bar safety net

A description of the classification. The intval function has two characteristics: "conversion does not begin until a digit or a plus or minus sign is encountered, and it ends when a non-numeric character or the string terminator \0 is encountered", in certain applications due to the...

AI score 7.6
Exploits: 0
Packet Storm
added 2008/10/23 12:0 a.m. | 22 views

siteengine-sqlredirphpinfo.txt

Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability. -=0x01=- SQL injection Vulnerability vul code like this: if intval $id requireonce $siteengineroot."lib/rss.php" ; $sql = "SELECT url FROM...

AI score 7.4
Exploits: 0
Exploit DB
added 2008/10/23 12:0 a.m. | 33 views

SiteEngine 5.x - Multiple Vulnerabilities

SiteEngine 5.x Multiple Remote Vulnerabilities Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability. -=0x01=- SQL injection Vulnerability vul code like this: if intval $id requireonce...

AI score 7.4
Exploits: 0
exploitpack
added 2008/10/23 12:0 a.m. | 21 views

SiteEngine 5.x - Multiple Vulnerabilities

SiteEngine 5.x - Multiple Vulnerabilities SiteEngine 5.x Multiple Remote Vulnerabilities Due to incorrect use of intval function, leading to the logic of inspection parameters can be bypassed, resulting in SQL injection vulnerability. -=0x01=- SQL injection Vulnerability vul code like this: if...

AI score 0.4
Exploits: 0
exploitpack
added 2008/06/05 12:0 a.m. | 11 views

pSys 0.7.0.a - shownews SQL Injection

pSys 0.7.0.a - shownews SQL Injection pSys - 0.7.0. alpha shownews SQL Injection Bug by: h0yt3r Bug in here: if isset$REQUEST'shownews' && $REQUEST'shownews' != "" $sqlbefehl="Select titel from $tabnews Where id = '".intval$REQUEST'shownews'."'"; $gettitel = mysqlquery$sqlbefehl,$serverid;...

AI score 0.3
Exploits: 0
Packet Storm
added 2006/05/06 12:0 a.m. | 16 views

invisionCBSQL.txt

Invision Community Blog .. Bugs SQL Injection :- Filename :- mod.php Function name :- dommod The $ids Unfilter Input By Intval As Array : So We Can Do SQL Injection -- Arabic (translated): The variable $ids is not filtered through the intval function and it is in array form .. for this reason an injection can be done php...

AI score 7.4
Exploits: 0
securityvulns
added 2006/04/28 12:0 a.m. | 32 views

SQL injection exploit IPB <= 2.1.4

This exploit has only been tested on 2.1.4. Others are most likely vulnerable but have not yet been tested. Simple SQL injection in funcmsg.php on line 448. tobyid is not properly sanitized. It's passed to the class via an instance of the messenger class, which takes it from the ipb sanitized inp...

AI score 0.2
Exploits: 0