65 matches found
php168 Zhidao (Q&A) module /zhidao/user.php?j=question&u SQL injection vulnerability
No description provided by source...
PHP168 6.0 and earlier: command execution vulnerability in login.php via a generated cache PHP file
No description provided by source...
PHP168 homepage.php/admin/member-profile sensitive information disclosure
No description provided by source...
Guowei CMS (formerly PHP168) SQL injection vulnerability
The system is invoked through parameters of the following form: ask/item-confirm-category-8.html, where item denotes the directory and confirm denotes the file in that directory: ask/modules/item/confirm.php $keyword = isset$GET'keyword' ? rawurldecode$GET'keyword' : ''; ifempty$keyword message'askerror', HTTPREFERER, 3; The keyword variable is taken from GET and then URL-decoded. $select = select; $select-from$thismodule-table . ' ...
PHP168 6.0 and below: major security vulnerability in login.php - vulnerability warning - the black bar safety net
A big problem; it is best not to ignore it... With the code, a PHP trojan is inserted into the cache/ directory to easily get a webshell, you can bulk. Use a search engine to search Powered by php168 v6 or what version of v5, v4, v3, v2, v1 will search to many, many more related site Since...
php168 /template/homepage/default/core/member/profile.html information disclosure vulnerability
No description provided by source...
PHP168 disclosure vulnerability: any user's data can be queried - bug warning - the black bar safety net
The "user" module built into PHP168 contains the user profile display page. In many practical scenarios this page is not used by the front end, but it can be accessed directly through the URL. The page route is: /homepage.php/username/member-profile Taking the official PHP168 demo site as an example, to view any us...
A magical PHP168 loophole: any user's data can be queried - bug warning - the black bar safety net
Brief description: A magic array has appeared in Guowei PHP168 that can leak user data for the whole site. The leaked content includes site-wide user passwords in cipher text, email, password, salt, IP and other sensitive information. Detailed description: PHP168 program...
php168 Zhidao system injection vulnerability - vulnerability warning - the black bar safety net
I'm finishing up the three keywords inurl:zhidao Powered by qibosoft inurl:w8 Powered by qibosoft inurl:ask Powered by qibosoft http://v7.php168.com/zhidao/user.php?j=question&u=-1+union+select+1,2,3,concatuser,0x3a,version,0x3a,database,5,6,7,8-- The official website of the test ! Database...
Qibo CMS whole-site system (formerly PHP168) misconfiguration allows login as any user - bug warning - the black bar safety net
Improper configuration of the Qibo CMS whole-site system (formerly PHP168) allows login as any user, such as the CMS administrator. Details: again a UCCENTER problem; as before, when the UCKEY variable is empty, the user-related APIs in UCCENTER can be called to operate directly. Today unde...
PHP168 V6.02 vote.php cross-site scripting vulnerability
No description provided by source...
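Php168 v2008 special.php SQL injection vulnerability
PHP168 is currently the most powerful site-building system in the PHP field. The code is fully open source and extremely convenient for secondary development, all functional modules can be freely installed and removed, and it is completely free for individual users. In the file member/special.php: elseif$job=="showiframe" //line 126 $rsdb=$db-getone"SELECT FROM $prespecial WHERE uid='$lfjuid' AND id='$id'"; …… if$act=="del"&&$aid //line 155 $detail=explode",",$rsdbaids; foreach $detail AS...
Php168 v2008 list.php SQL injection vulnerability
PHP168 is currently the most powerful site-building system in the PHP field. The code is fully open source and extremely convenient for secondary development, all functional modules can be freely installed and removed, and it is completely free for individual users. In the file member/list.php: if!$aidDB //line 127 showerr"请至少选择一篇文章"; …… if$Type=='delete' //line 49 makemorearticlehtml"$FROMURL","del0",$aidDB; The makemorearticlehtml function is in the file inc/articfunction.php: function...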
PHP168 V6.02 /member/post.php code execution vulnerability Xday - vulnerability warning - the black bar safety net
PHP168 is currently the most powerful site-building system in the PHP field. The code is all open source and extremely convenient for secondary development, all modules can be freely installed and removed, and it is completely free for individual users. PHP168 in an array without the first...
PHP168 arbitrary code execution GET SHELL vulnerability - vulnerability warning - the black bar safety net
Vulnerability description: PHP168 is currently the most powerful site-building system in the PHP field. The code is all open source and extremely convenient for secondary development, all modules can be freely installed and removed, and it is completely free for individual users. PHP168 V6...
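PHP168 V6.02 /member/post.php code execution vulnerability
PHP168 is currently the most powerful site-building system in the PHP field. The code is fully open source and extremely convenient for secondary development, all functional modules can be freely installed and removed, and it is completely free for individual users. In PHP168 a certain array is not initialized, which allows arbitrary code to be submitted and executed. PHP168 V6.02 None yet; awaiting an official patch...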
PHP168 V6.02 vulnerability - vulnerability warning - the black bar safety net
PHP168 V6.02 vulnerability 0day details. Brief description: PHP168 uses the eval function in some functions, but an array is not initialized, so arbitrary code can be submitted and executed. Detailed description: ----------------------------- Registration. I don't know Brother,...
PHP168 V6.01/6.02 privilege escalation and local path disclosure vulnerability - vulnerability warning - the black bar safety net
PHP168 is currently the most powerful site-building system in the PHP field. The code is all open source and extremely convenient for secondary development, all modules can be freely installed and removed, and it is completely free for individual users. PHPCMS V6.01 There is a serious security...
PHP168 V6.02 getshell 0day - vulnerability warning - the black bar safety net
First register a member, then after logging in submit on the address bar: http://v6.php168.com/member/post.php?only=1&showHtmlTypebencandy1=$phpinfo&aid=1&job=endHTML You can see the implementation of the phpinfo...
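PHP168 V6.02 whole-site system remote arbitrary code execution vulnerability
PHP168 uses the eval function in some functions, but a certain array is not initialized, which allows arbitrary code to be submitted and executed. The vulnerability is in the gethtmlurl function in inc/function.inc.php. function gethtmlurl global $rsdb,$aid,$fidDB,$webdb,$fid,$page,$showHtmlType,$HtmlType; $id=$aid; if$page1 $page=1; $postdbposttime=$rsdbposttime; if$showHtmlTypebencandy$id...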