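Discuz! 7.2/X1 Third-Party Plugin SQL Injection and Persistent XSS Vulnerabilities
Brief description: SQL injection and persistent XSS vulnerabilities in a third-party plugin for Discuz! 7.2/X1. The SQL injection is of limited use, since it requires GPC to be off (sites like that are practically extinct now). Because the XSS is persistent, it triggers as soon as an administrator opens this application. What to do with the XSS is a matter of opinion. Details: The mood wall plugin (http://www.discuz.net/forum.php?mod=viewthread&tid=1632898), produced by "潮流少年工作室 Teen Studio", a third-party development team certified by Discuz! (http://addons.discuz.com/workroom.php), has SQL injection and cross-site scripting vulnerabilities caused by an uninitialized variable and insufficient filtering...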
Jira Enterprise 4.0.1 - Multiple Low Risk Vulnerabilities
Jira - Multiple Low Risk Vulnerabilities Versions Affected: 4.0.1 other versions were not checked. Info: JIRA provides issue tracking and project tracking for software development teams to improve code quality and the speed of development. and so forth. External Links:...
Jira 4.0.1 Cross Site Scripting
Jira - Multiple Low Risk Vulnerabilities Versions Affected: 4.0.1 other versions were not checked. Info: JIRA provides issue tracking and project tracking for software development teams to improve code quality and the speed of development. and so forth. External Links:...
Cetera eCommerce 14.0 Cross Site Scripting / SQL Injection
I want to warn you about security vulnerabilities in Cetera eCommerce. Which I disclosed already in December 2009 SecurityVulns ID: 10489. Advisory: Vulnerabilities in Cetera eCommerce...
Open Realty 2.x and 3.x Persistent XSS Vulnerability
Exploit for php platform in category web applications. Open Realty 2.x and 3.x Persistent XSS Vulnerability. Author: K053 Date: 2010-7-24 Homepage: http://open-realty.org Download Link:...
Joomla Component com_hotproperty Persistent XSS Vulnerability
Exploit for php platform in category web applications. Joomla Component com_hotproperty Persistent XSS Vulnerability...
Open Realty 2.x/3.x - Persistent Cross-Site Scripting
Title: persistence XSS flaw in Open Realty 2.x and 3.x Author: K053 Date: 2010-7-24 Homepage: http://open-realty.org Download Link: http://www.open-realty.org/download.html Version: 3.x & 2.x...
Joomla com_jomestate Persistent XSS Vulnerability
Exploit for php platform in category web applications. Joomla com_jomestate Persistent XSS Vulnerability...
Joomla Component com_estateagent Persistent XSS Vulnerability
Exploit for php platform in category web applications. Joomla Component com_estateagent Persistent XSS Vulnerability...
Joomla com_properties Persistent XSS Vulnerability
Exploit for php platform in category web applications. Joomla com_properties Persistent XSS Vulnerability...
PT-2010-4294 · Apache +1 · Apache Http Server +1
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server version 2.2.9 Description: The issue is related to an information disclosure flaw in the mod_proxy component of the Apache HTTP Server. When running on Unix platforms, if a timeout occurs while reading a response from a...
Joomla Component com_mls_teams Persistent XSS Vulnerability
Exploit for php platform in category web applications. Joomla Component com_mls_teams Persistent XSS Vulnerability...
Freelancers Marketplace Shell Upload
Name : Freelancers Marketplace Script Upload Vulnerability Date : july 17,2010 Critical Level : HIGH vendor URL :http://www.guruscript.com/ google dork:Powered by Guruscript.com Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
Freelancers Marketplace Script Persistent XSS Vulnerability
Exploit for php platform in category web applications. Freelancers Marketplace Script Persistent XSS Vulnerability...
Subrion Auto Classifieds Persistent Xss Vulnerability
Exploit for php platform in category web applications. Subrion Auto Classifieds Persistent Xss Vulnerability...
Absolute Shopping Cart Cross Site Scripting
Exploit Title: Absolute shopping cart remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical: medium Contact: d4rk357atyahoodotin Software Link: http://www.absoluteshoppingcartdemo.co.uk/ Greetz to: b0nd, Fbih2s, Beenu, rockey killer, The empty, punter, eberly, prashant Shoutz ...
Campsite CMS - Remote Persistent Cross-Site Scripting
Campsite CMS - Remote Persistent Cross-Site Scripting Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author: D4rk357 Critical: Low Contact: d4rk357atyahoodotin Software Link: http://www.sourcefabric.org/en/home/web/78/Demo--Documentation.htm?tpl=18 Greetz...
Campsite CMS remote Persistent XSS vulnerability
Exploit for php platform in category web applications. Campsite CMS remote Persistent XSS vulnerability. Exploit Title: Campsite CMS remote Persistent XSS vulnerability Date: 15th july 2010 Author:...
SimpGB 1.37.3 Cross Site Scripting
Hello Full-Disclosure! I want to warn you about security vulnerabilities in SimpGB. Earlier I already wrote about other vulnerabilities in SimpGB - SecurityVulns ID: 10412 http://securityvulns.ru/news/CGI/2009.11.19.html. Advisory: Cross-Site Scripting vulnerabilitie...
Cross-Site Scripting vulnerabilities in SimpGB
Hello 3APA3A! I am reporting Cross-Site Scripting (persistent XSS) vulnerabilities that I found in SimpGB. Earlier I already reported other vulnerabilities in SimpGB http://securityvulns.ru/news/CGI/2009.11.19.html. XSS: This is persistent XSS in three functions of the web application. POST request on the pages:...