CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

258 matches found

seebug.org•added 2014/04/16 12:0 a.m.•65 views

PHPMyWind最新版SQL注入漏洞

简要描述： PHPMyWind最新版SQL注入详细说明：文件：/data/alipay/returnurl.php $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyReturn; if$verifyresult //验证成功...

7AI score

Exploits0

seebug.org•added 2014/03/27 12:0 a.m.•66 views

phpmywind 4.6.6 /order.php SQL注入漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/03/18 12:0 a.m.•23 views

PHPMYWIND Sql Injection #2

简要描述：过滤不严。详细说明： PHPMyWind\data\alipay\notifyurl.php中 $alipayNotify = new AlipayNotify$alipayconfig; $verifyresult = $alipayNotify-verifyNotify; if$verifyresult //验证成功...

7.1AI score

Exploits0

seebug.org•added 2014/03/17 12:0 a.m.•85 views

PHPMYWIND 后台Getshell的一种方法

简要描述：过滤不严。详细说明： phpmywind 和 dedecms 都挺像的。在修改配置文件的时候过滤掉了单引号防止闭合单引号 Getshell。 $cfgwebname = '我的网站'; $cfgweburl = 'http://127.0.0.1'; $cfgwebpath = '/phpmywind'; $cfgauthor = ''; $cfggenerator = 'PHPMyWind CMS'; $cfgkeyword = ''; $cfgdescription = ''; 配置文件单引号保护。然后过滤掉单引号。看似无法从配置文件这里下手其实还是可以的...

7.1AI score

Exploits0

seebug.org•added 2014/02/24 12:0 a.m.•22 views

PHPMyWind后台无条件获取webshell

简要描述：当时我就惊呆了... 详细说明：在/include/mysql.class.php487行有这样一段代码 //保存MySql错误日志 $userIP = GetIP; $getUrl = GetCurUrl; $getTime = GetDateTimetime; $logfile = dirnameFILE.'/../data/error/mysqlerrortrace.php'; $savemsg = ' Time: '.$getTime.'. || Page: '.$getUrl.' || IP: '.$userIP.' || Error: '.$msg."\r\n"...

7.1AI score

Exploits0

seebug.org•added 2014/02/24 12:0 a.m.•27 views

phpMyWind又一注入无视补丁

简要描述： phpMyWind又一注入无视补丁详细说明：废话不多说了，看正文吧。 0x01 漏洞原理漏洞在shoppingcart.php文件大约152行处： $goods ? GetOne"SELECT FROM @goods WHERE id=".$goods0;/color //省略部分代码可以从代码开始部分看到，$goods变量是从cookie中取出的shoppingcart字段值直接反序列化后的内容，没有进行任何的过滤和校验。 0x02 利用分析...

8AI score

Exploits0

seebug.org•added 2014/02/24 12:0 a.m.•20 views

PHPMyWind绕过正则缺陷后台getshell

简要描述：坑爹啊shell到手有木有... 详细说明：看了看，前面的漏洞木有确认，好伤心啊 bug文件地址/include/mysql.class.php第511行; //如果是普通查询语句，直接过滤一些特殊语法 if$querytype == 'select' ifpregmatch'/^[email protected],union|sleep|benchmark|loadfile|outfile^[email protected],/', $sql//这个正则大概就是为了防止拿shell的 $this-DisplayError"$sql||SelectBreak",1;...

7.1AI score

Exploits0

seebug.org•added 2014/02/22 12:0 a.m.•27 views

PHPMYWIND sql 一枚无视GPC

简要描述：今天又去重新看了看phpmywind 在官网上下的版本还是4.6.6 无需登录无需单引号。详细说明：在order.php中 ifempty$COOKIE'shoppingcart' header'location:shoppingcart.php'; exit; //不允许游客下单跳转登陆 ifempty$COOKIE'username' header'location:member.php?c=login'; exit; 让这两个不为空就好。 $action = isset$action ? $action : ''; $datagroup =...

7.1AI score

Exploits0

seebug.org•added 2014/02/20 12:0 a.m.•11 views

PHPMyWind最新版SQL注射#1

简要描述：通用型软件有奖励吗？怎么在重点应用跟一般应用都找不到PHPMyWind？？？详细说明：在官网http://www.phpmywind.com/看了下，最新版是4.6.6，更新时间是13/11/28。去年知道创宇曾发布PHPMyWind三个SQL注入补丁→http://bbs.anquan.org/forum.php?mod=viewthread&tid=26575 本次报告的漏洞文件是order.php，上面的补丁包修复了order.php的31行的level，但是在374行的id却置之不理，因此漏洞产生了。漏洞证明：下载最新版PHPMyWind...

7.1AI score

Exploits0

seebug.org•added 2014/02/18 12:0 a.m.•13 views

phpMyWind最新版本注入漏洞

简要描述：在对phpmywind进行代码审计的时候发现一枚明显的注入漏洞，变量未经任何过滤直接带进数据库，虽然程序有sql注入的安全检测和过滤，但可以绕过限制，直接执行任意sql指令。详细说明：漏洞位于order.php 372行处，如图：利用分析：phpmywind采用了80sec的sql过滤函数，之前大牛已经提过可以用@'的方式进行绕过，由于漏洞所在sql语句的查询结果不会直接在order.php上显示，故使用报错注入的方式构造exp，如图：执行后查看源文件，发现注入成功：漏洞证明：漏洞证明如下：...

7.1AI score

Exploits0

seebug.org•added 2014/02/18 12:0 a.m.•22 views

phpmywind最新版本注入漏洞第二弹

简要描述：继续之前的代码审计，发现其他地方还有类似的问题存在，都是没有对变量进行适当的过滤就直接拼接到sql语句里面执行，导致任意sql指令的执行。详细说明：漏洞位于member.php 689行处： $r = $dosql-GetOne"SELECT checkinfo FROM @goodsorder WHERE username='$cuname' AND id=$id"; id参数未做任何过滤直接放到sql语句里面执行。利用分析：...

7AI score

Exploits0

seebug.org•added 2014/02/07 12:0 a.m.•9 views

PHPMyWind 4.6.6 /shoppingcart.php goodsid SQL注入漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/02/07 12:0 a.m.•9 views

PHPMyWind 4.6.6 /shoppingcart.php SQL注入漏洞

No description provided by source...

7.1AI score

Exploits0

seebug.org•added 2014/01/09 12:0 a.m.•28 views

PHPmywind cms存在sql注入漏洞

简要描述： PHPmywind cms存在前台直接sql注入详细说明： PHPmywind cms存在前台直接sql注入漏洞证明： /product.php?cid= www.bangtai119.com/product.php?cid=6&page=1 http://ybaje.com/product.php?cid=6...

7.1AI score

Exploits0

myhack58•added 2013/06/05 12:0 a.m.•39 views

PHPMyWind CMS v4. 6. 3 Beta permissions bypass and unauthorized access-exploit warning-the black bar safety net

BUG-1: permission to bypass File location: goodsshow.php Problem code: //Do not allow visitors to place orders skip login ifempty$COOKIE'username' /just a simple determination of whether or not is empty header'location:member. php? c=login'; exit; Brief description: username is cookie get, as lon...

0.1AI score

Exploits0

myhack58•added 2013/05/31 12:0 a.m.•24 views

PHPMyWind CMS v4. 6. 3 Beta 0day-vulnerability warning-the black bar safety net

BUG-1: permission to bypass File location: goodsshow.php Problem code: 2 0 //Do not allow visitors under the single jump landing 2 1 ifempty$COOKIE'username' /just a simple determination of whether or not it is empty 2 2 2 3 header'location:member. php? c=login'; 2 4 exit; 2 5 2 6 Brief...

Exploits0

seebug.org•added 2013/01/24 12:0 a.m.•27 views

PHPMyWind 4.5.2 /include/common.inc.php Login-Bypass

No description provided by source...

7.1AI score

Exploits0

myhack58•added 2012/11/20 12:0 a.m.•17 views

PHPMyWind v4. 5. 2 global variable overwrite 0day-vulnerability warning-the black bar safety net

Code: define‘PHPMYWINDINC’, pregreplace“//\\\\1,/”, ‘/’, dirnameFILE; define‘PHPMYWINDROOT’, pregreplace“//\\\\1,/”, ‘/’, substrPHPMYWINDINC, 0, -8; define‘PHPMYWINDDATA’, PHPMYWINDROOT.’/ data’; define‘PHPMYWINDUPLOAD’, PHPMYWINDROOT.’/ uploads’; define‘PHPMYWINDBACKUP’, PHPMYWINDDATA.’/...

7.4AI score

Exploits0

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by