Cool Dog PC client remote JS code injection vulnerability(impact of the National cool Dog the user can hung it)-vulnerability warning-the black bar safety net

Mainly using the three vulnerability completed 1 cool Dog Radio backgroundxssvulnerability 2 cool Dog Radio personal background override vulnerability 3 cool Dog Radio home storage-typexssvulnerability 一 :http://www.kugou.com/fm2/app/musicshow/admin/njadmin/index.php Cool Dog Radio personal...

Mail.ru: Reflected XSS in User-Agent

Уязвимость существует на сайтах: 11x11.mail.ru s2.11x11.mail.ru Злоумышленник может внедрить произвольный User-Agent, содержащий JS код. Для примера - alert/BigBear/!--...

Talking about my company for security emergency response-vulnerability warning-the black bar safety net

0×0 0 hack to. Company for hack attacks emergency treatment is still very lacking, that there are security issues, is often the customers are also the victims because the customers found that their data be changed, and then complain to the company that the data what is the malicious changes. Then...

WordPress Comment Extra Fields 1.7 CSRF / XSS

Description : Wordpress Plugins - Comment Extra Fields XSRF/XSS Injection : http://site/wordpress/wp-content/plugins/comment-extra-field/scripts/swfupload.swf?movieName=";catcheif!self.aself.a=!alert'XSS';//...

ZDSoft website generation system vulnerabilities and fixes-vulnerability warning-the black bar safety net

DSoft site generation system a serious vulnerability that can lead to the web server directly is to get the highest permissions, 1. Background permission bypass vulnerability http://www.zdsoft.net/admin/left.aspx the background menu If not logged in, it will js to jump to the login page, disable ...

Xinhua enterprise web site management system v4. 0 XSS0day add administrator and patch-vulnerability warning-the black bar safety net

From:B0mbErM@n Description:online repair function is not to submit the filter Analysis:xiu. asp not be submitted to the filter, resulting in execution of arbitraryXSSstatement. Patch:filter Exp: ../xiu. the asp directly into the repair, then at the contact address written on the SCRIPT...

Ecshop2.7.2持久型XSS（可获得管理员帐号）

简要描述： 个人资料修改时，Javascript代码过滤不够严格，XSS代码直接进入数据库 详细说明： 密码保护问题这一项，没有使用正则过滤，其他的的都有正则过滤。我们可以在密码保护问题里输入XSS，但是后台查看会员资料是不显示密码保护问题的，所以这里必须要网站后台添加了新的 “会员注册项”时，后台查看资料就会显示了，此处填入一段引入外部js的代码:" 外部test.js文件内容如下 Ajax.call'privilege.php?act=update','id=1&username=heihei&[email protected]','',"POST","JSON"; 漏洞证明：...

PHPWIND & DISCUZ! CSRF vulnerability-vulnerability warning-the black bar safety net

PHPWIND & DISCUZ! CSRF vulnerability affects versions: Discuz! 6.0.0 & 6.1.0 & 7.0.0 PHPWIND 6.0 & 6.3 & 7.0 Vulnerability description: PHPWIND & DISCUZ! The presence of CSRF vulnerabilities, triggering PHPWIND & DISCUZ! CSRF WORM! ... d/b31e4d2e6270c384 reference ... d/b31e4d2e6270c384 Safety...

SMF 1.1.7 Persistent XSS (requires permision to edit censor)

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

SMF 1.1.7 Cross Site Scripting

SMF 1.1.7 simplemachines.org XSS Exploitation: If you can modify the censor on a SMF forum, then you can make it execute arbitrary JS code. http://SMF.Forum.com/index.php?action=postsettings;sa=censor Just add the following entry: http://www.test.xss/ = http://www.test-xss/"...

The use of Flash package net horse-vulnerability warning-the black bar safety net

The use of Flash package network. We use the service-end technical protection network horse, protection to protect the go, network the horse of the JS code will still be caught, in those browser capture tool, network the horse of the JS exposed, the principle is very simple, net horse, no matter...

js script kill free tools to avoid killing experience and simple analysis-vulnerability warning-the black bar safety net

本文 所 做 的 实验 是以 ah.jsice Fox a variant,the attachment named"病毒 样本 .txt"as a virus sample,other js malicious code without tests. Since Kaspersky the js killing the intensity is relatively large, and furthermore, I the present machine it is installed Kaspersky, so its a small amount of additional...

WoltLab Burning Board 2.3.5(WBB) in XSS

Hi WBB in XSS We aren't able to bite from the Avatar ,But attachment.php With xss code are able to bite. HEX editor With GIF picture Open , JS code are writing. GIF89a
jscode Js Code:Hex:...

Site program-Africa SI exploits-vulnerability warning-the black bar safety net

Part I Preface Now the most popular online site attack means, to was SQL Injection, even though SI technology is easy to use, and easy to obtain greater privileges, but because of the limelight too big, now generally is a little security-conscious programmer will pay attention to this problem, an...

Security Advisory: CSS Vulnerability in Web Froums Server 1.6

Security Advisory: CSS Vulnerability in Web Froums Server 1.6 Data: 27.01.2004 Application: Web Froums Server 1.6 Vendor: www.minihttpserver.net Versions: 1.6 and Shareware : Platforms: Windows Bug: JS/HTML code injection. Risk: Low Mini-description for Forums Web Server v1.6: "WebForums Server...