phpBB3 Unified Convertor Framework PHP Code Injection

PhpBB3 Unified Convertor Framework suffers from a PHP Code Injection in installation path. By default it should be disabled but you can find open installation path's by dorking it or seeking for dir's. Title: phpBB3 Unified Convertor Framework PHP Code Injection Date: 12.12.13 Contact:...

Discuz! 3.1 后台命令执行

简要描述： 路人甲报过的洞，只是发现了新的利用方法，随手写下 详细说明： 总的来说，就是利用计划任务来执行php代码的。实现过程如下： 测试版本：Discuz! X3.1 Release 20131122 1.全局 » 站点信息：网站第三方统计代码里面插入： 插入后，更新下缓存。 2. 门户 » HTML管理 » 设置： 设置 专题HTML存放目录:source/include/cron 3.门户 » 专题管理 » 列表 » 创建专题,新建一个专题： 专题标题,随便写，静态化名称：test ，附加内容 选上 站点尾部信息然后提交。 4. 开启刚才创建的专题，然后生成： 5.工具 » 计划...

espcms Command Execution Vulnerability可getshell（鸡肋）

简要描述： RT 详细说明： 在后台getshell，略鸡肋 在/datacache/command.php文件 $CONFIG=Array //ICP备案 'icpbeian'='', //网站状态 'isclose'=0, //管理员Email 'adminemail'='[email protected]', //网站网址 'domain'='http://localhost/espcms/', //日志记录 'islog'=1, ………… 后台修改网站系统设置后可将代码写入command.php中 访问command.php并传参...

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

Sql injection

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

CVE-2013-1349

Eval injection vulnerability in ajax.php in openSIS 4.5 through 5.2 allows remote attackers to execute arbitrary PHP code via the modname parameter...

CVE-2013-4446

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

Design/Logic Flaw

The jsondecode function in plugins/contextreactionblock.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support the jsondecode function, allows remote attackers to execute arbitrary PHP code via unspecified vectors...

Eaton Network Shutdown Module 3.21 PHP Code Injection

Eaton Network Shutdown module versions 3.21 and below suffer from a remote PHP code injection vulnerability. This is a python exploit for a previously disclosed finding. !/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage...

Eaton Network Shutdown Module 3.21 PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

Eaton Network Shutdown Module 3.21 - Remote PHP Code Injection

!/usr/bin/env python Quick 'n' Dirty - Metasploit module didn't do it for me 2013 - Filip Waeytens - http://www.wsec.be Usage Example: $ python eaton.py 192.168.1.9 "net user" User accounts for \ ------------------------------------------------------------------------------- Guest LocalAdmin The...

WordPress OptimizePress Theme File Upload

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'uri' class Metasploit3 'WordPress OptimizePress Theme File Upload Vulnerability', 'Description' = %q This module exploits a vulnerability found...

MyBB 1.6.11 - Remote Code Execution

MyBB 1.6.11 - Remote Code Execution input'info' as $key = $info $info = strreplace"\", "\\", $info; $info = strreplace'$', '$', $info; $newlanginfo$key = strreplace""", '"', $info; and Line 69: $langinfo'admin' = $newlanginfo'admin'; You can see that some chars are being replaced , however...

Elastix Voip system 2.x , Php code injection / Data dump Exploit

Elastix is famous asterisk voip system interface dist. it's vulnerable to php code injection vuln , which can be used to dump all data including - SIP Extention Data - Plain text admin password - Moderators passwords - All trunks data - shell upload Usage Info just add the ip list to "list.txt"...

AjaXplorer Zoho plugin < 5.0.4 Directory Traversal Vulnerability

The Zoho plugin of AjaXplorer is prone to a directory traversal and a file upload vulnerability. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-onl...

Fedora 18 : drupal6-context-3.3-1.fc18 (2013-21298)

CVE-2013-4445/CVE-2013-4446 Context, a drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. First issue is that the module allows execution of PHP code via manipulation of a URL argument in...

Fedora 20 : drupal6-context-3.3-1.fc20 (2013-21303)

CVE-2013-4445/CVE-2013-4446 Context, a drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. First issue is that the module allows execution of PHP code via manipulation of a URL argument in...

Fedora 19 : drupal6-context-3.3-1.fc19 (2013-21231)

CVE-2013-4445/CVE-2013-4446 Context, a drupal module, which allows you to manage contextual conditions and reactions for different portions of your site, was found to have two severe security issues. First issue is that the module allows execution of PHP code via manipulation of a URL argument in...

WordPress Amplus Cross Site Request Forgery Vulnerability

WordPress Amplus theme suffers from a cross site request forgery vulnerability. Title : Wordpress Amplus Themes CSRF File Upload Vulnerability Author : DevilScreaM Date : 11/17/2013 - 17 November 2013 Category : Web Applications Type : PHP Vendor : http://themeforest.net Download :...

OpenX Ad Server Backdoor PHP Code Execution (CVE-2013-4211)

A Code Execution vulnerability has been reported in OpenX Ad Server. The vulnerability is due to the existence of a backdoor within the flowplayer-3.1.1.min.js library. A remote attacker could exploit this vulnerability by sending a malicious request to the server. Successful exploitation could...