11 matches found
College Notes Gallery SQL Injection Vulnerability
College Notes Gallery is a personal blog. code-projects College Notes Gallery version 2.0 suffers from a SQL injection vulnerability that stems from the user parameter in the file login.php, which causes SQL injection...
my-site Cross-Site Scripting Vulnerability
my-site is a personal website developed by individual developer WinterChenS on Spring Boot 2.0, integrating a personal home page, personal blog, and personal works. WinterChenS my-site has a security vulnerability that stems from the presence of a cross-site scripting (XSS) vulnerability that allo...
FS-Blog Cross-Site Scripting Vulnerability
FS-Blog is a personal blog based on Spring Boot by individual developer zbl1996. A security vulnerability exists in FS-Blog. An attacker can exploit this vulnerability to perform cross-site scripting attacks...
File upload vulnerability in web-blogs
web-blog is a web-based personal blog management system. A file upload vulnerability exists in web-blog. An attacker can exploit the vulnerability to upload arbitrary PHP scripts to gain server control privileges...
SQL Injection Vulnerability in Axublog Version 1.1.0
Axublog is a PHP personal blog system. A SQL injection vulnerability exists in Axublog version 1.1.0. An attacker can exploit the vulnerability to obtain sensitive database information...
Privilege elevation vulnerability in the emlog personal blog system admin backend
Affected version: emlog = 5.1.2. Prerequisites: an admin backend login is required. Exploit: after logging in to the backend, visit the admin/?action=phpinfo page to get the website's physical path. On the database backup page, back up the database, export it to a local computer, and then edit the exported .sql format ...
Arbitrary file deletion vulnerability in the emlog personal blog system
Short for "every memory log", emlog is a PHP and MySQL based blog and CMS builder. The /src/admin/data.php page of the emlog personal blog system has an arbitrary file deletion vulnerability. Because bak is passed directly into the unlink function without restriction, an attacker can delete...
Heiner personal blog system backend authentication bypass vulnerability and fix
Software description: With the HeinerHitux personal blog system, building your blog or personal website will be a breeze. You do not need much professional web design knowledge or much familiarity with programming; you only need the downloaded Heiner personal blog source code uploaded t...
Lulzsec member blog hacked by TeaMp0isoN
The personal blog (https://sven-slootweg.nl/) of one of the Lulzsec members was defaced by TeaMp0isoN. Get more details about TeaMp0isoN. BREAKING NEWS: TEH LULZBOAT HAS OFFICALY SANK WITH 100S OF ANON MEMBERS ON BOARD! No matter how many bots you gather, no matt...
Injection vulnerability in the cls_logAction.asp file of the PJBlog personal blog system
PJBlog is an open-source, free Chinese-language personal blog system built with ASP + Access. It has fairly high operating efficiency and update rate, and also supports the new technologies currently used by blogs. In the file class/clslogAction.asp: oldcate=request.form"oldcate" //line 429 oldctype=request.form"oldtype" D = conn.execute"select catePart from blogCategory where cateID="&oldcate0 The program places the variable oldcate into the SQL query statement without any filtering, which results in the injection vulnerability. PJBlog...
[Aria-Security] Image Racer SearchResults.asp SQL INJECTION vuln.
Aria-Security Team Image Racer SearchResults.asp SQL Injection Vendor: http://www.junctionquest.com/Software.asp Example: http://www.TARGET.com/SearchResults.asp?SearchWord=SQL COMMAND&WordSearchCrit=Yes&image.x=0&image.y=0 Example : -1 'union select username,password from admin where FIND IT YOU...