164 matches found
Sql injection
phpwind 9.0.2.170426 UTF8 allows SQL Injection via the admin.php?m=backup&c=backup&a=doback tabledb parameter, related to the "--backup database" option...
CVE-2019-6691
CVE-2019-6691 affects phpwind 9.0.2.170426 (UTF8). The vulnerability is an SQL injection triggered by the parameter admin.php?m=backup&c=backup&a=doback tabledb[] in the --backup database option, indicating the backup functionality is exploitable. Root cause details are not fully enumerated in th...
PHPwind Backend SQL Injection Vulnerability
PHPWind is a PHP-based web forum program. A SQL injection vulnerability exists in the PHPwind backend. An attacker can exploit the vulnerability to execute SQL statements...
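phpwind 9.x MD5 Padding Extension vulnerability analysis - vulnerability warning - the black bar safety net
0x00 Preface: This is one of the more interesting vulnerabilities. It has already been submitted on WooYun (http://www.wooyun.org/bugs/wooyun-2016-0210850), the vendor has also released a patch (http://www.phpwind.net/read/3709549), and the security researcher phithon also published his vulnerability analysis right away...
phpwind9.x communication key security vulnerability
Source link: phpwind getshell via a hash length extension attack. A new vulnerability posted by Yige (一哥), and a pretty impressive one: http://www.wooyun.org/bugs/wooyun-2016-0210850. From analyzing the patch (http://www.phpwind.net/read/3709549) plus some hearsay, I learned that it uses a hash length extension attack. The MD5 Length Extension Attack, which used to show up often in CTFs, has finally made an appearance in the real world. 0x01 Analysis of the vulnerable point: phpwind's logic is far too convoluted; one look tells you it was developed by Java programmers...
Phpwind v4/5/6/7/8 hack/bank/index.php command execution vulnerability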
No description provided by source...
phpwind src/applications/windidserver/api/controller/AppController.php information disclosure vulnerability
No description provided by source...
PHPWind 8.3 /apps/group/admin/manage.php SQL injection vulnerability
No description provided by source...
phpwind <v6 sort.php command execution vulnerability
No description provided by source...
phpwind v6.0 command execution vulnerability
No description provided by source...
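phpwind command execution getshell (admin backend)
Brief description: Latest version downloaded from the official site. Details: Set up v9.0.1 and log in. In the portal, choose page management and add a new module. In custom HTML, write phpinfo and submit, then under "call code" choose the off-site call code, copy the link, and visit it. Calling it as XML or JSON both work. Taking XML as an example, http://127.0.0.1/phpwind/www/index.php?m=design&c=api&token=RTwtIGEOYM&id=5&format=xml Remove xml and phpinfo is executed img src="https://images...
phpwind 9.0 /res/js/dev/util_libs/syntaxHihglighter/scripts/clipboard.swf cross-site scripting vulnerability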
No description provided by source...
phpwind V9.0 /windid/admin.php CAPTCHA bypass vulnerability
No description provided by source...
PHPWind swfupload.swf flash xss
No description provided by source...
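Phpwind v4/5/6/7/8 command execution vulnerability
Brief description: A vulnerability dug up back around 2007. Three White Hats (三个白帽) happens to be running a challenge this time, so I'll take the opportunity to disclose it; some people out there probably already know about it :) Details: hack/bank/index.php $DDESPOSTDB=array(); $query=$db->query("SELECT i.uid,username,ddeposit,dstartdate FROM pwmemberinfo i LEFT JOIN pwmembers m ON m.uid=i.uid ORDER BY ddeposit DESC LIMIT $bknum"); while($deposit=$db->fetcharray($query)...
phpwind v8.7 /goto.php cross-site scripting vulnerability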
No description provided by source...