49 matches found
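KingCms latest version (k9) injection #1
Brief description: KingCms latest version (k9) injection 1 Detailed description: A friend's company wants to buy a kingcms license and asked me to take a look. I found that kingcms had not been updated for a long time; after holding back for a while they released the latest version, k9, updated 2014-12-13, so I downloaded it from the official site to study it. I saw several vulnerabilities on wooyun, such as: WooYun: kingcms latest version SQL injection vulnerability Injection point: POST /apps/loupan/manage.php HTTP/1.1 Injection parameter: where The problem file is /apps/loupan/manage.php function create $u=new user;$u-authrole'loupan'; $db=n...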
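Joomla! Pbbooking component 'manage.php' cross-site scripting vulnerability
Bugtraq ID: 66257 CVE ID: CVE-2013-5955 Joomla! is a content management system that is quite well known abroad. The 'manage.php' script of the Joomla! Pbbooking component does not correctly filter user-submitted input, allowing remote attackers to exploit the vulnerability to carry out cross-site scripting attacks, which can obtain sensitive information or hijack user sessions. Joomla! Pbbooking 2.4 No detailed solution is currently available: http://www.joomla.org/ form...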
Joomla Pbbooking 2.4 Cross Site Scripting
Hello, Cross-site scripting (XSS) vulnerability in the Pbbooking 2.4 component for Joomla! allows remote attackers to inject arbitrary web script or HTML via a POST request to manage.php. POC: alert'XSS'" / Best regards...
Amoy Empire system admin backend cookie spoofing vulnerability and getting a shell from the backend - vulnerability warning - the black bar safety net
The accidental discovery that the admin backend of the Amoy Empire free version can be fooled with a cookie trick. Tools: the Veteran's cookie cheat tool. Keywords: classification - Mall - brand - woman - man - beauty - shoes and bags - digital - home - food. First open the tool and set the cookie to COOKIEadminuser=admin;...
phpwind (manage.php) SQL injection exploit - vulnerability warning - the black bar safety net
PHPWind is a new, complete and powerful system that runs on PHP and a MySQL database and can generate HTML pages. We hope that, as open-source, shared software, PHPWind's smooth speed and high load capacity will arouse your enthusiasm to join the PHPWind camp! Together to create a...
XSS vulnerability in CMS Source
Vulnerability ID: HTB22551 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityincmssource2.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010 Vulnerabili...
Local File Inclusion in CMS Source
Vulnerability ID: HTB22552 Reference: http://www.htbridge.ch/advisory/localfileinclusionincmssource1.html Product: CMS Source Vendor: Proud Daddy Web Design http://www.prouddaddy.net/ Vulnerable Version: Current at 28.07.2010 and Probably Prior Versions Vendor Notification: 28 July 2010...
CVE-2009-0424
Cross-site scripting (XSS) vulnerability in sign1.php in AN Guestbook (ANG) before 0.7.7 allows remote attackers to inject arbitrary web script or HTML via the country parameter, which is not properly handled in (1) administrator/manage.php or (2) administrator/trash.php. NOTE: some of these details are...
CVE-2007-0863
PHP remote file inclusion vulnerability in Trevorchan 0.7 and earlier allows remote attackers to execute arbitrary code via the tcconfigrootdir parameter to (1) upgrade.php, (2) paintsave.php, (3) menu.php, (4) manage.php, and (5) banned.php. NOTE: this issue has been disputed by reliable third parties, who...