19 matches found
EUVD-2020-14968
Malware in sbrugna...
EUVD-2020-28357
Malware in sbrugna...
CVE-2020-22203
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...
Authentication Bypass
concrete5 is vulnerable to Authentication Bypass. The vulnerability exists due to the lack of authentication validation in Job.php which allows an attacker to bypass permission checks and access the system...
CVE-2020-22203
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...
Sql injection
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...
CVE-2020-22203
SQL Injection in phpCMS 2008 sp4 via the genre parameter to yp/job.php...
CVE-2020-7229
An issue was discovered in Simplejobscript.com SJS before 1.65. There is unauthenticated SQL injection via the search engine. The parameter is landinglocation. The function is countSearchedJobs. The file is lib/class.Job.php...
randhcareers.com XSS vulnerability
Open Bug Bounty ID: OBB-618073 Description| Value ---|--- Affected Website:| randhcareers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
kenyamoja.com Open Redirect vulnerability
Vulnerable URL: http://www.kenyamoja.com/job.php?url=http://www.openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 23:15 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 10140 VIP websi...
MetInfo 5.1.7 job.php SQL盲注
No description provided by source...
Metinfo V5.2 /job/job.php SQL注入漏洞
该问题出现在/job/job.php中,对于全局变量$mobilesql审查没有进行过滤和转义,导致该全局变量可以被覆盖,导致SQL注入的发生,下面来看看漏形成的原因。 首先全局变量被定义在methtml.inc.php中,在job.php的require方法中可以看到。 requireonce '../public/php/methtml.inc.php'; 在methtml.inc.php中可以看到对全局变量的定义,第723行的methtmlgetarray方法中 global...
Phpcms 2008 yp/job.php脚本SQL盲注漏洞
Phpcms网站管理系统是国内主流CMS系统之一 Phpcms所使用的yp/job.php脚本的urldecode函数没有正确地过滤用户所提交的$genre参数便在SQL查询中使用,远程攻击者可以通过提交恶意请求执行SQL注入攻击。以下是有漏洞的PHP代码段: switch$action case 'list': $catid = intval$catid; $head'keywords' .= '职位列表'; $head'title' .= '职位列表'.''.$PHPCMS'sitename'; $head'description' .=...
phpwind_2.0.1_job.php_任意文件创建漏洞
No description provided by source...
phpcms2008 latest 0day & Exp-vulnerability warning-the black bar safety net
Source:My5t3ry The vulnerability exists in the yp/job. php 1 7-3 4 line, the urldecode function to blame, the code is as follows: | 1 2 3 4 5 6 7 8 9 1 0 1 1 1 2 1 3 1 4 1 5 1 6 1 7 1 8 | switch$action case 'list': $catid = intval$catid; $head'keywords' .= 'List positions'; $head'title' .= 'Job...
Php168 a local file inclusion vulnerability-vulnerability warning-the black bar safety net
Php168 a local file inclusion vulnerability Looking at the v6 version,in do/job. php file: ... elseifereg dividing"^-0-9a-zA-Z+$",$GETjob||ereg"^-0-9a-zA-Z+$",$POSTjob requiredirnameFILE."/"." global.php"; ifisfilePHP168PATH."inc/job/$job.php" includePHP168PATH."inc/job/$job.php"; Well,if you ope...
PHPWind job.php远程SQL注入漏洞
PHPWind实现上存在输入验证漏洞,远程攻击者可能利用此漏洞非授权获取论坛的管理员权限。 PHPWind的job.php脚本对待处理的数据未作充分的过滤检查即用来构造SQL请求,远程攻击者可以通过向profile.php脚本的proicon变量传递带有恶意SQL命令串的数据并最终调用job.php,触发漏洞执行SQL注入攻击。攻击者可能利用此漏洞获取论坛的管理权限。 PHPWind PHPWind 2.0.2/3.31ce PHPWind ------- 目前厂商已经在最新版本的软件中修复了这个安全问题,请到厂商的主页下载: http://www.phpwind.net/...
Php168 读取任意文件漏洞
代码:..job.php Line:117 if eregi".php",$url die"ERR"; $fileurl=strreplace$webdbwwwurl,"",$url; ifisfilePHP168PATH."$fileurl"&&filesizePHP168PATH."$fileurl"10241024500 $filename=basename$fileurl; $filetype=substrstrrchr$filename,'.',1; $filename=pregreplace"/\d+200\d+^+.^.+/is","\3",$filename;...
PHPWIND2.02 & PHPWIND3.31ce权限提升漏洞
主要的原因是在于Job.php中产生的,但是操作的行为却在很大程度上迷惑了许多人,包括我在测试漏洞的时候都认为是Profile.php中的$Proicon变量引起的. 其实这个变量确实存在问题,而且可以直接导致一些恶意事件的发生.但是利用的两方面,一个是在Php中组合字符串,形成我们要说的漏洞,另外一个则是形成了删除任意文件的漏洞... 首先我们需要看看漏洞形成,在profile.php中的$proicon中,变量没有经过任何处理直接提交,系统中的变量经过了PHP的GPC转义.到了MySQL中一个XSS隐患.这是最重要的...