Lucene search

1408 matches found

seebug.org
added 2014/05/06 12:0 a.m., 31 views

PHP-FPM or PHP-CGI Denial-of-Service Vulnerability under Apache/NGINX

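Using a standard cable/DSL connection, this attack can saturate the CPU and memory of a Linux web server with standard HTTP requests. It affects Apache or NGINX web servers that use PHP-CGI or PHP-FPM to process dynamic PHP content (including WordPress sites). In addition, the requests generated by the attack continue to consume server resources for a long time after the attack. 0 All versions None available ?php !/usr/bin/php / File: phpstress.php Written by: d4rk0 / @d4rk0s Concept by: Vinny Troia / @VinnyTroia Night Lion Securit...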

7.1 AI score
Exploits 0

exploitpack
added 2014/04/15 12:0 a.m., 13 views

Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution (Metasploit)

Unitrends Enterprise Backup 7.3.0 - Root Remote Code Execution Metasploit Unitrends Enterprise Backup 7.3.0 Multiple vulnerabilities exist within this piece of software. The largest one is likely the fact that the ‘auth’ string used for authorization isn’t random at all. After authentication, any...

0.4 AI score
Exploits 0

myhack58
added 2014/02/24 12:0 a.m., 30 views

Upload vulnerabilities explained [1] - The file upload form is a main threat to web security - vulnerability warning - the black bar safety net

Allowing end users to upload files to your website is like opening another door for a malicious user to compromise your server. Even so, it is a common requirement in today's modern Internet web applications, because it helps improve business efficiency. On Facebook and...

7.4 AI score
Exploits 0

Packet Storm
added 2013/12/01 12:0 a.m., 15 views

FlashComs Chat Script File Upload

"@".$options'f'."","fileId" = $options"f"; $result = curlexec$handle; ifstrpos$result,"UPLOADSUCCESS" echo "\n\n"; echo "\t+ Exploitation success!!\n"; echo "\t+ http://$optionsu/files/$optionsf\n"; echo "...

7.4 AI score
Exploits 0

seebug.org
added 2013/11/25 12:0 a.m., 14 views

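Destoon latest version: injection persists in all versions after the 20131010 patch

Brief description: After the 20131010 patch for the latest Destoon version, injection persists in all versions. Details: The problem lies in the api/js.php vulnerability. I was busy with work this week, so someone else submitted it and the official patch is already out. I downloaded the patch and found that the official fix is rather careless and does not grasp the essence of the vulnerability; it can be bypassed within minutes to inject again. I suggest the vendor think carefully about the root cause of this vulnerability. Proof of vulnerability: stripsql filters the string union, but in practice this can be bypassed. Because the referer has to be forged, the exploit is a script written in PHP, and the paths in it need to be adjusted to the actual environment. In the POC the host parameter is the domain name (localhost for local testing) and the ver parameter is the version; exploit code for versions 3, 4 and 5 is included...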

7.1 AI score
Exploits 0

NVD
added 2013/09/23 8:55 p.m., 6 views

CVE-2013-5930

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter...

4.3 CVSS, 5.8 AI score, 0.00318 EPSS
Exploits 1, References 2

NVD
added 2013/09/23 8:55 p.m., 6 views

CVE-2013-5931

SQL injection vulnerability in propertylistingsdetail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter...

7.5 CVSS, 8.4 AI score, 0.00466 EPSS
Exploits 1, References 1

Prion
added 2013/09/23 8:55 p.m., 7 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in search_residential.php in Real Estate PHP Script allows remote attackers to inject arbitrary web script or HTML via the bos parameter...

4.3 CVSS, 6.2 AI score, 0.00318 EPSS
Exploits 1, References 2

Cvelist
added 2013/09/23 8:0 p.m., 12 views

CVE-2013-5931

SQL injection vulnerability in propertylistingsdetail.php in Real Estate PHP Script allows remote attackers to execute arbitrary SQL commands via the listingid parameter...

8.4 AI score, 0.00466 EPSS
Exploits 1, References 1

CVE
added 2013/09/23 8:0 p.m., 35 views

CVE-2013-5930

CVE-2013-5930 affects the Real Estate PHP Script, specifically the search_residential.php endpoint. It is a cross-site scripting (XSS) vulnerability exploitable via the bos parameter, allowing remote attackers to inject arbitrary scripts/HTML. The NVD entry notes a CVSS v2 base score of 4.3 (Medi...

4.3 CVSS, 5.9 AI score, 0.00318 EPSS
Exploits 1, References 2, Affected Software 1

securityvulns
added 2013/09/09 12:0 a.m., 68 views

Joomla core <= 3.1.5 reflected XSS vulnerability

============================================================ - Original release date: August 05, 2013 - Discovered by: Emilio Pinna Application Security Analyst at Abinsula - Contact: emilio dot pinn at gmail dot com - Severity: 4.3/10 Base CVSS Score...

0.1 AI score
Exploits 0

Packet Storm
added 2013/09/09 12:0 a.m., 23 views

Real Estate PHP Script Cross Site Scripting

Cross Site Scripting Application Name : Real Estate Php Script Vulnerable Type : Post Cross Site Scripting Infection : Administrator and user cookies can be stolen. Bug Fix Advice : Malicious characters should be filtered. Author : Lazmania61 | Bug Researchers Example :...

0.1 AI score
Exploits 0

Packet Storm
added 2013/07/24 12:0 a.m., 29 views

Juniper JunOS 9.x Cross Site Scripting

Exploit Title: Juniper JUNOS 9.X HTML Injection Vulnerability Google Dork: intext:"2009, Juniper Networks" intext:"Firewall User Web-Authentication" Date: Jul 24th 2013 Exploit Author: Andrea Menin linkedin.com/in/andreamenin Vendor Homepage: http://www.juniper.net Version: JUNOS 9.X Tested on:...

4.3 CVSS, 6.7 AI score, 0.00257 EPSS
Exploits 1

securityvulns
added 2013/07/15 12:0 a.m., 167 views

[waraxe-2013-SA#106] - Multiple Vulnerabilities in Saurus CMS 4.7.1

waraxe-2013-SA106 - Multiple Vulnerabilities in Saurus CMS 4.7.1 ================================================================================ Author: Janek Vind "waraxe" Date: 14. July 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-106.html Description of vulnerable software...

Exploits 0

Exploit DB
added 2013/07/11 12:0 a.m., 24 views

WordPress Plugin miniBB - SQL Injection / Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/61116/info miniBB is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities. Successful exploits could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data...

7.4 AI score
Exploits 0

Tenable Nessus
added 2013/06/29 12:0 a.m., 41 views

CentOS 4 : php (CESA-2007:0349)

Updated PHP packages that fix two security issues are now available for Red Hat Enterprise Linux 4. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web server. A hea...

7.5 CVSS, 6.3 AI score, 0.07583 EPSS
Exploits 0, References 3

Tenable Nessus
added 2013/05/22 12:0 a.m., 187 views

Securimage example_form.php XSS

The version of Securimage on the remote host contains a flaw that allows a remote cross-site scripting vulnerability because the application does not validate the 'REQUEST_URI' variable in the 'example_form.php' script. An attacker may be able to leverage this to inject arbitrary HTML and script co...

5.5 AI score
Exploits 0, References 1

0day.today
added 2013/04/20 12:0 a.m., 17 views

Freelancer.com XSS + Cookie Grabber

Stored XSS in Freelancer.com + Cookie Stealer. The package contains the how-to guide, PHP script (cookie grabber) and XSS vector in order. This is a private exploit. You can buy it at https://0day.today...

6.4 AI score
Exploits 0

seebug.org
added 2013/04/16 12:0 a.m., 18 views

eYou /php/ip_status.php Command Execution Vulnerability

No description provided by source...

7.1 AI score
Exploits 0

Tenable Nessus
added 2013/04/10 12:0 a.m., 30 views

MediaWiki mwdoc-filter.php Arbitrary File Access

The MediaWiki install hosted on the remote web server is affected by an arbitrary file access vulnerability due to a failure to restrict the execution of the 'maintenance/mwdoc-filter.php' script. An attacker can exploit this issue by sending a specialized URI to read files located outside the we...

5 CVSS, 6.1 AI score, 0.00333 EPSS
Exploits 0, References 3