25 matches found
howtotrainyourdragon.nl Open Redirect vulnerability
Open Bug Bounty ID: OBB-401785 Description| Value ---|--- Affected Website:| howtotrainyourdragon.nl Vulnerable Application:| Custom Code Vulnerability Type:| Open Redirect / CWE-601 CVSSv3 Score:| 3.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N Remediation Guide:| OWASP Open Redirect Cheat Shee...
kmakeup.co.kr XSS vulnerability
Vulnerable URL: http://kmakeup.co.kr/news/notice.php?boardcode=boardviewidx=%22%3Etrolo%3Ci%3Etralala%3Cimg%20src=x%20onerror=prompt/OPENBUGBOUNTY/%3E171=46page=4=type=RegDate=desc===notice1=2=3=4=5=6=7=8=9=1==teacherboardnotice Details: Description| Value ---|--- Patched:| Yes, at 26.11.2017...
phpplanner - Cross-Site Scripting / SQL Injection
================================== phpplanner XSS / SQL Vulnerability ================================== Script: php planner Date: 12-06-2010 Author: anT!-Tr0J4n My Home : www.Dev-PoinT.com Software Link:http://phpplanner.sourceforge.net/ Tested on: Win7/Linux DorK :...
Discuz! v7.2 injection vulnerability analysis and exploit - vulnerability warning - the black bar safety net
Vulnerability analysis: File ./manyou/sources/notice.php The relevant code: $appid = intval$GET'appid'; $db-query"DELETE FROM $tablepremyinvite WHERE appid='$appid' AND touid='$discuzuid'"; showmessage'manyou:done', 'userapp.php script=notice&action=invite'; elseif$option == 'deluserapp' $hash =...
Discuz! 7.2 plugin /manyou/sources/notice.php SQL injection vulnerability
The latest Discuz! 7.2 ships with a new application plugin, manyou. This new plugin does not check the parameters passed in, which leads to an injection vulnerability when GPC is off. /manyou/sources/notice.php if$option == 'del' $appid = intval$GET'appid'; $db-query"DELETE FROM $tablepremyinvite WHERE appid='$appid' AND touid='$discuzuid'"; showmessage'manyou:done',...