164 matches found
phpwind 9.0 /res/js/dev/util_libs/jPlayer/Jplayer.swf cross-site scripting vulnerability
1. The vulnerable file is: http://www.phpwind.net/res/js/dev/utillibs/jPlayer/Jplayer.swf 2. After decompiling, look at the code: this.jQuery = loaderInfo.parameters.jQuery + "'" + loaderInfo.parameters.id + "'.jPlayer"; …… private function init(arg1:TimerEvent):void { this.myInitTimer.stop(); if (ExternalInterface.available) ……...
phpwind 9.0 reflected XSS vulnerability
No description provided by source...
phpwind V9.0 gbk 20130227 wide-character SQL injection
In /wind/db/mysql/WindMysqlPdoAdapter.php: class WindMysqlPdoAdapter extends AbstractWindPdoAdapter { /* (non-PHPdoc) @see AbstractWindPdoAdapter::setCharset() */ public function setCharset($charset) { $charset && $this->query("set names " . $this->quote($charset) . ";"); } Character set issue...
CVE-2015-4134
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
Open redirect
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter...
CVE-2015-4134
Open redirect vulnerability in goto.php in phpwind 8.7 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2015-4135
CVE-2015-4135 is an XSS vulnerability affecting phpwind 8.7, specifically goto.php with the url parameter. The root cause is improper handling of user input leading to injection of arbitrary web script or HTML. Exploitation details or in-the-wild status are not provided in the connected documents...
CVE-2015-4134
Open redirect vulnerability CVE-2015-4134 affects phpwind 8.7, exploitable via the url parameter in goto.php to redirect users to arbitrary websites (phishing risk). Exploitation details, affected versions, and remediations are not provided in the connected documents.
CVE-2015-4135
Cross-site scripting (XSS) vulnerability in goto.php in phpwind 8.7 allows remote attackers to inject arbitrary web script or HTML via the url parameter...
PHPWind Open Redirect Vulnerability
PHPWind is a PHP-based Web forum program. PHPWind has an open redirect vulnerability that allows an attacker to construct a malicious URI, trick the user into following it, and redirect the user to an arbitrary web site for phishing attacks...
Unspecified Cross-Site Scripting Vulnerability in PHPWind
PHPWind is a PHP-based Web forum program. PHPWind has a cross-site scripting vulnerability that allows remote attackers to inject malicious script or HTML code, which can be used to obtain sensitive information or hijack user sessions when malicious...
phpwind 8.7 Open Redirect
phpwind v8.7 Unvalidated Redirects and Forwards Web Security Vulnerabilities Exploit Title: phpwind v8.7 goto.php? &url Parameter Open Redirect Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 24, 2015 Latest Update...
phpwind 8.7 Cross Site Scripting
phpwind v8.7 XSS Cross-site Scripting Web Security Vulnerabilities Exploit Title: phpwind v8.7 goto.php? &url Parameter XSS Security Vulnerabilities Product: phpwind Vendor: phpwind Vulnerable Versions: v8.7 Tested Version: v8.7 Advisory Publication: May 25, 2015 Latest Update: May 25, 2015...
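phpwind front-end arbitrary code execution (requires certain privileges)
Brief description: Arbitrary code execution vulnerability; default super-moderator privileges are sufficient; affects 9.0 and 9.0.1. Detailed description: Other models in the portal allow custom HTML without using the filterTemplate security filter function, so PHP code can be written and is executed directly as template code. Exploiting this vulnerability requires permission to edit modules; administrators and super moderators have this permission by default. Once the relevant permission is obtained, it can be exploited from the front end. Proof of vulnerability:...
PHPWind 7.5 /apps/groups/index.php remote file inclusion vulnerability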
No description provided by source...
PHPWind Showpic plugin /showpic.php arbitrary file download vulnerability
No description provided by source...
phpwind: the verification code can be bypassed to continue brute-forcing users (demo) - vulnerability warning - the black bar safety net
First I went to the phpwind official website and found that phpwind has been updated to 9.0; the website runs the latest program. Then I went to the login page, where the site has CAPTCHA restrictions (my heart sank). Then I picked an account to log in with; on an input error you will find that there are th...
phpwind Arbitrary Code Execution Vulnerability
PHPWind is one of the more popular PHP-based Web forum programs. phpwind has an arbitrary code execution vulnerability: the portal template security filter function filterTemplate is defective and filters incompletely, so PHP code can be written and executed. Allows attackers with edit...
A high-risk PHPWIND vulnerability that can get a shell - vulnerability warning - the black bar safety net
I didn't think PHPWIND would have the same vulnerability as PHPCMS. The code in src/applications/windidserver/api/controller/AppController.php: public function listAction() { $result = $this->getAppDs()->getList(); $this->output($result); } How can you get the key for accessing the interface? View...