371 matches found
Phpcms 2008 space.api.php SQL注入漏洞
Phpcms 是国内领先的网站内容管理系统,同时也是一个开源的PHP开发框架。 在文件api/space.api.php中: $arrcontent = $content-listinfo"userid='$userid'", $order, 1, 10; //第7行 Listinfo函数在文件include/admin/ content.class.php中: function listinfo$where = '', $order = 'listorder DESC,contentid DESC', $page = 1, $pagesize = 50 //第169行 if$where...
PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...
PHPCMS all versions of a page cross-site scripting vulnerability-vulnerability warning-the black bar safety net
Two versions 1, Official demo page for the url xss. 2, official the Master Station of the error reporting page,$info'errorlink'to go from the referer,change the referer to insert arbitrary code. Little harm, the vulnerability level is low. Test code: POC1:...
phpcms 2 0 0 7 site management system Member. php page SQL injection vulnerability-vulnerability warning-the black bar safety net
Affected version: phpcms 2 0 0 7 GBK Vulnerability description: In the member/member. php line 4, The code is as follows: 1. .............. 2. $m = $db-getone SELECT FROM . TABLEMEMBER. m , . TABLEMEMBERINFO. i WHERE m. userid=i. userid AND m. username= 3. $username 4. , CACHE ,8 6 4 0 0; 5...
PHPCMS 2 0 0 7 Site Management System common. inc. php page the variable overwrite vulnerability-vulnerability warning-the black bar safety net
Affected version: PHPCMS 2 0 0 7 Vulnerability description: PHPCMS is a PHP-based+Mysql architecture of the web content management system, it is an open-source PHP development platform. Phpcms uses a modular approach to the development, functional and easy to use to facilitate the expansion, for...
Phpcms 2 0 0 8 yp/job. php script SQL blind injection vulnerability-vulnerability warning-the black bar safety net
Affected version: Phpcms 2 0 0 8 Vulnerability description: Phpcms website management system is the domestic mainstream CMS systems Phpcms the use of yp/job. php script to urldecode function does not properly filter user submitted$genre parameters in the SQL used in the query, a remote attacker c...
PHPCMS2008 1 0 0 5 2 7 version website management system to download an arbitrary file vulnerability-vulnerability warning-the black bar safety net
Phpcms is a PHP-based+Mysql architecture of the web content management system, it is an open-source PHP development platform. Phpcms uses a modular approach to the development, functional and easy to use to facilitate the expansion, for medium to large sites provide heavyweight website Building...
PHPCMS 2007网站管理系统common.inc.php页面变量覆盖漏洞
PHPCMS是一款基于 PHP+Mysql 架构的网站内容管理系统,也是一个开源的 PHP 开发平台。Phpcms 采用模块化方式开发,功能易用便于扩展,可面向大中型站点提供重量级网站建设解决方案。 在文件incude/common.inc.php中: if!defined'INADMIN' //不是管理员则进入判断 if$CONFIG'dbiscache' $dbfile .= 'cache'; if$CONFIG'phpcache' == '2' $cachefileid = md5$PHPSELF.'?'.$PHPQUERYSTRING; $cachefiledir =...
phpcms 2007网站管理系统Member.php页面SQL注入漏洞
在member/member.php的第4行,代码如下: 1. .............. 2. $m = $db-getone SELECT FROM .TABLEMEMBER. m , .TABLEMEMBERINFO. i WHERE m.userid=i.userid AND m.username= 3. $username 4. , CACHE ,86400; 5. .............. username变量未经过过滤就进入查询了,我们在其包含的include/common.inc.php文件中有如下代码: 1. ................ 2...
Phpcms 2008 yp/job.php脚本SQL盲注漏洞
Phpcms网站管理系统是国内主流CMS系统之一 Phpcms所使用的yp/job.php脚本的urldecode函数没有正确地过滤用户所提交的$genre参数便在SQL查询中使用,远程攻击者可以通过提交恶意请求执行SQL注入攻击。以下是有漏洞的PHP代码段: switch$action case 'list': $catid = intval$catid; $head'keywords' .= '职位列表'; $head'title' .= '职位列表'.''.$PHPCMS'sitename'; $head'description' .=...
phpcms2008 sp4 /member/login.php cross-site vulnerabilities-vulnerability warning-the black bar safety net
Phpcms is a leading web content management system, but also is an open-source PHP development framework. Phpcms by the content model, Membership, ask, theme, financial, orders, advertising, email subscription, short Messaging, custom forms, site wide search, etc. the 2 0 plurality of functional...
PHPCMS2008 100527版本网站管理系统下载任意文件漏洞
phpcms2008sp4 下载任意文件漏洞发布后,27号官方的补丁是这样的: down.php ifpregmatch'/.php/i',$f || strpos$f, ":\" showmessage'地址有误'; //12行 没补丁前是这样的: ifpregmatch'/.php$/',$f || strpos$f, ":\" showmessage'地址有误'; //12行 可以看出两者的区别。 但同样是这个文件中: parsestr$ak;//8行 知道这里还有更好的利用方法了,再看文件: download.php if$m $fileurl =...
PhpCms 2008 Sp3 Blind SQL Injection Exploit(1)
No description provided by source. ?php iniset"maxexecutiontime",0; errorreporting7; function usage global $argv; exit "\n--+++============================================================+++--". "\n--+++====== PhpCms 2008 Sp3 Blind SQL Injection Exploit========+++--"...
phpcms 2 0 0 8 yp.php 0day exp-vulnerability warning-the black bar safety net
? php iniset“maxexecutiontime”,0; errorreporting7; function usage global $argv; exit “\n–+++============================================================+++–”. “\n–+++====== PhpCms 2 0 0 8 Sp3 Blind SQL Injection Exploit========+++–”...
phpcms 3.0.0 file upload vulnerability-vulnerability warning-the black bar safety net
Vulnerability file: ads/upload.php and uppic.php The code is as follows: require "common.php"; require PHPCMSROOT."/ class/upload.php"; if!$ userid message"Please first login or REGISTER!" , PHPCMSPATH."member/login.php"; if$extid==1 $upfiletype= "jpg|png|gif"; elseif $extid==2 $upfiletype= "swf"...
PHPCMS 搜索跨站脚本漏洞(xss vulnerability)
北洋贱队2009.11.27首发 在phpcms2008中,search未对传入的type参数过滤,可直接修改提交跨站语句,导致xss的产生。 如被无良骇客社工利用可以盗取用户Cookies,有严重威胁。 2008 对type进行限制修改参数,过滤各个不安全参数。 http://www.nosec.org/search/?type=%22%3E%3Ciframe%20src=http://www.gohack.org%3E&q=Pangolin&s=%CB%D1%CB%F7...
PHPCMS 2007 / 2008 跨站脚本漏洞(xss vulnerability)
1、在phpcms2007中,sendmail.php未对传入的mailto, title等参数过滤,导致xss的产生。 不用上源码了,明眼人一看就明白。 Demo:http://www.cnegg.net/mail/sendmail.php?mailto=asdfa"scriptalert/CnCxzSec//script 考虑到PHPCMS2007的用户交互性,该鸡肋XSS可盗取COOKIES,有一定危害。 2、在phpcms2008中sendmail.php对传入变量有一定过滤,可是在magicquote=off的情况下,仍可利用...
phpcms 2007 pic.inc.php 信息泄漏漏洞
No description provided by source...
phpcms 2007sp6 digg-add.php Sql注入漏洞
No description provided by source...
phpcms 2007sp6 tag.func.php Sql注入
No description provided by source...