56 matches found
CVE-2017-17586
FS Olx Clone 1.0 has SQL Injection via the subpage.php scat parameter or the message.php pid parameter...
Multiple SQL Injection Vulnerabilities in phpaaCMS
phpaaCMS is a simple article management system. A SQL injection vulnerability exists in /search.php and /message.php in phpaaCMS v0.5, which can be exploited by attackers to obtain sensitive information about the database...
CVE-2017-12984
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...
Design/Logic Flaw
PHPMyWind 5.3 has XSS in shoppingcart.php, related to message.php, admin/message.php, and admin/messageupdate.php...
CVE-2017-12984
PHPMyWind 5.3 is affected by a cross-site scripting (XSS) vulnerability in shoppingcart.php, with related exposure through message.php and admin/message*. The CVE-2017-12984 entry confirms XSS in shoppingcart.php and references associated files (message.php, admin/message.php, admin/message_updat...
phpaaCms message.php SQL Injection Vulnerability
No description provided by source...
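MetInfo 5.3 \message\message.php Stored XSS Vulnerability
MetInfo 5.3: after downloading the latest installation package from the official site and setting it up on my own server, I formally began testing. First, look at the problem page, in the file MetInfo5.3\message\message.php: php if!$Captcha-CheckCode$code echo" alert'$langmembercode'; window.history.back;"; exit; This code strips the SCRIPT keyword, so when we submit directly, the user submission is cleared entirely, while for the administrator the keyword is removed. Now we trigger this stored XSS. Test procedure: alert'test' We encode this test XSS; the encoding is HTML entities (DEC)...
KPPW latest version front-end SQL injection
Brief description: I have been this thorough, so please give me a corresponding rank. Detailed explanation: Counting the related functions there were originally many more, but I did not go looking for them myself. I tested the UTF version; your GBK version has already blown up because of this issue, so I hope you review it carefully. Below I use the file control\user\messagesend.php as an example; other files I found with the same problem are message.php, yijia.php setUid $gUid ; $objMsgM-setUsername $username ; $objMsgM-setTouid $arrSpaceInfo 'uid' ; $objMsgM-setTousername $arrSpaceInfo...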
benjunto.com XSS vulnerability
Vulnerable URL: http://benjunto.com/message.php?subject=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 3 VIP website status:| No Check...
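Doyo site builder SQL injection
Brief description: Two cows were grazing together. The green cow asked the black cow: "Hey! What does your grass taste like?" The black cow said: "Strawberry flavor!" The green cow came over and took a bite, then shouted angrily: "You lied to me!" The black cow glanced at him with contempt and replied: "Idiot, I said the grass has no flavor." Detailed explanation: 1 source\message.php function add if$GLOBALS'GDY''vercode'==1 if!$this-syArgs"vercode",1||md5strtolower$this-syArgs"vercode",1!=$SESSION'doyoverify'message"验证码错误"; if!$this-syArgs'tid'message"请选择栏目...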
X7 Chat 2.0.5 lib/message.php preg_replace() PHP Code Execution Exploit
This Metasploit module exploits a post-auth vulnerability found in X7 Chat versions 2.0.0 up to 2.0.5.1. The vulnerable code is in lib/message.php, which uses the preg_replace() function with the /e modifier. This allows a remote authenticated attacker to execute arbitrary PHP code in the remote...
CityPost PHP LNKX 52.0 Message.PHP Cross-Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/13255/info CityPost PHP LNKX is affected by a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'message.php' script. An attacker may...
DOYO 2.3 /message.php SQL Injection Vulnerability
Doyo 2.3...
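destoon /v5.0/ stored XSS: hit wherever you point
Brief description: Stored XSS, hit wherever you point. Detailed explanation: Register a user http://127.0.0.1/v5.0/member/message.php?action=send&touser=oboi123&title=RE:RE%3ARE%3Asdaaaaaaa The reply field uses an editor; the editor does not filter some tags, which leads to XSS execution. xsscode: object, after base64, can form an XSS statement. Proof of vulnerability:...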
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to...
PHPWind 6.0 Multiple Cross-Site Scripting Vulnerabilities
PHPWind is one of the more popular PHP-based web forum applications in China. When a visitor logs out, PHPWind does not correctly filter the request parameters submitted to pages such as hack.php, search.php, read.php, post.php, thread.php, profile.php, sort.php, message.php and userpay.php; a remote attacker can submi...
PHPWind 6.0 Cross Site Scripting
I found that PHPWind v6.0 just filters the XSS code when visitors log in, but it doesn't do it when they log off. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This flaw makes its all the parameters...
CVE-2009-2558
system/message.php in Admin News Tools 2.5 does not properly restrict access, which allows remote attackers to post news messages via a direct request...
asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities
Exploit for unknown platform in category web applications. asiCMS alpha 0.208 Multiple Remote File Inclusion Vulnerabilities...