Authentication flaw
An XXE issue was discovered in PHPSHE 1.7, which can be used to read any file in the system or scan the internal network without authentication. This occurs because of the call to wechatgetxml in include/plugin/payment/wechat/notifyurl.php...
Maccms V8 Sql Injection #2
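Brief description: In the V8 release, basically all files are now Zend-encrypted. Only a small handful of files are not encrypted, so I'll just look at those few. Details: In inc/user/alipay/notifyurl.php: $alipayNotify = new AlipayNotify($alipayconfig); $verifyresult = $alipayNotify->verifyNotify(); $verifyresult2 = $alipayNotify->verifyReturn(); if ($verifyresult) // verification succeeded...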