Lucene search
K

13 matches found

Packet Storm
Packet Storm
added 2015/08/22 12:0 a.m.29 views

Vifi Radio 1 Cross Site Request Forgery

. | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / http://h4x0resec.blogspot.com / \ | \ \ / // / \ / / / / Vifi Radio v1 - CSRF Arbitrary Change Password Exploit My + Discovered by: KnocKout Contact : [email protected] HomePage :...

1AI score
Exploits0
Exploit DB
Exploit DB
added 2015/08/20 12:0 a.m.22 views

Vifi Radio 1.0 - Cross-Site Request Forgery

. | | / | | \ \ | | \ / | |\ / / /\ \ / \ | Y / ^ / / || / / / / /\ /\ \ \ \ | / \ / http://h4x0resec.blogspot.com / \ | \ \ / // / \ / / / / Vifi Radio v1 - CSRF Arbitrary Change Password Exploit My + Discovered by: KnocKout Contact : [email protected] HomePage :...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2015/01/13 12:0 a.m.23 views

帝友P2C借贷系统前台getshell#1

简要描述: 帝友P2C借贷系统前台getshell1 详细说明: 这次是帝友公司旗下出的另一套电子商务cms 不是帝友p2p! 官方最新版本是 帝友P2C借贷系统V1.01 上传头像处存在getshell 已官方演示站做演示 已注册账号,账号密码都是test1a 访问 http://p2c.diyou.cc/?user&m=approve/safe 上传头像,抓包 修改数据包,插入一句话木马,修改后缀为php后缀 虽然回显500,但是phpshell已经上传了 dyupfiles/avatar/diyou/用户id.php 得到...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/11/21 12:0 a.m.25 views

WSS最新版多处SQL注入直接获取数据三(官方demo演示及快速定位漏洞技巧)

简要描述: WSS最新版多处SQL注入直接获取数据三,官方demo演示,这里存在多处,对同一问题进行总结 详细说明: WSS最新版1.3.2,这里存在多处,并对此同一问题进行总结,以及快速查找同一问题全部漏洞 这里的漏洞没有任何权限限制,任何用户都能进行注入 漏洞分析: WooYun: WSS最新版某处SQL注入直接获取数据二(两处) WSS最新版某处SQL注入直接获取数据二(两处) 这个漏洞之前已经降到了漏洞的过程 因为全局过滤函数设计缺陷导致sql注入 if !functionexists"GetSQLValueString" function...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/16 12:0 a.m.18 views

方维团购4.3版本注射 官方演示大量数据库泄露

简要描述: .......... 详细说明: ....... 漏洞证明: Target: http://t1.fanwe.net:93/t1/index.php?m=Ajax&a=gettypeattr&typeid=123 Host IP: 112.124.32.200 Web Server: IIS Powered-by: WAF/2.0 Powered-by: WAF/2.0 DB Server: MySQL Resp. Timeavg: 168 ms Current User: [email protected] Current DB: t1 Host Name:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/01/06 12:0 a.m.44 views

V5shop官方演示站点一处有意思的逻辑缺陷可泄漏管理员密码

简要描述: 我了个插,一个厂商发3个之后就不挖了,不然有刷rank的嫌疑。 wb都是xsser的,不然他会很伤心的,请别的白帽子也高台贵手。 详细说明: 为啥我会说有意思,难道没意思我会说有意思吗?我不知道你们看完觉得有没有意思。 打开http://site2.v5shop.com.cn/vprostandred/。铺面而来的是 本屌当时就填了个验证码就进去了。看到admin,很高心,于是想要提交,你以为管理是sb吗?这是演示站点啊。虽然你可以进行各种操作,但是你以为官网是sb啊。于是搞的本吊上级下跳,慢慢的审查这个演示后台。突然24k纯金狗眼一亮发现一个地方可以修改密码...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2013/10/28 12:0 a.m.29 views

Struts 2.3.15.3 Cross Site Scripting

Abstract£º The latest version of the current official struts-2.3.15.3£¬struts2-showcase.war demo XSS still exist! Details£º I found an update of the official demo of Strust2, so I did a test. It used to be able to filter, escape input and escape output, but why didn¡¯t it escape this time? Proofs...

0.1AI score
Exploits0
myhack58
myhack58
added 2012/12/12 12:0 a.m.24 views

yourphp cms-stored xss-vulnerability warning-the black bar safety net

yourphp is based on thinkphp framework for the development of the open source cms, there is a storage-typexssvulnerability In the demo of the cms when found this vulnerability, in order to have the power of persuasion, then using the official demo displayxssprocess, In yourphp official...

Exploits0
myhack58
myhack58
added 2012/12/12 12:0 a.m.15 views

PHPCMS2008 Yellow Pages module vulnerability-vulnerability warning-the black bar safety net

PHPCMS2008 Yellow Pages module vulnerability variable initialization is not strict lead to arbitrary PHP code execution PHPCMS2008 system string2array function calls eval with high-risk, in/yp/web/include/common. inc. php$menu variable initialization is not strict, the result can be injected to...

1.7AI score
Exploits0
seebug.org
seebug.org
added 2012/01/27 12:0 a.m.601 views

JEECMS后台任意文件编辑漏洞and官方漏洞及拿shell

简要描述: JEECMS后台任意文件编辑漏洞以及官方的demo站、官方服务器安全问题 详细说明: 2.x后台: login/Jeecms.do 3.x后台: jeeadmin/jeecms/index.do 默认账户:admin 默认密码:password 获取tomcat密码: /jeeadmin/jeecms/template/vedit.do?root=../../conf/&name=../../conf/tomcat-users.xml 获取JDBC数据库账号密码:...

7.1AI score
Exploits0
myhack58
myhack58
added 2011/07/22 12:0 a.m.26 views

Set sail for the enterprise built Station system cookie injection vulnerabilities pass to kill all versions-bug warning-the black bar safety net

by Mr. DzY from www.0855.tv Due to the online open source of something,the copyright cannot be found. This day let's just say almost it. Specific copyright no way to check the similarity of the kernel too much. Source code download: Official website: Official demo: Directly on the virus:...

0.2AI score
Exploits0
myhack58
myhack58
added 2010/08/03 12:0 a.m.21 views

PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...

0.9AI score
Exploits0
myhack58
myhack58
added 2010/08/02 12:0 a.m.16 views

PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net

Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...

0.9AI score
Exploits0
Rows per page
Query Builder