Sablog-X V2. X admin permissions spoofing and arbitrary variable overwrite vulnerability-vulnerability warning-the black bar safety net

Sablog-X is a PHP and MySQL build a blog system. Affected version:Sablog-X-2. x Said First admin permission spoofing vulnerability Due to the Sablog-x v2. x the back-end authentication process there is a serious logical problem, and leads to the special structure of the cookie log in directly to...

Sablog-X 2.0 admin permissions spoofing vulnerability-vulnerability warning-the black bar safety net

Published:2010-02-24 Affected version: Sablog-X 2.0 Vulnerability description: // cp.php if !$ saxuid || !$ saxpw || !$ saxlogincount || !$ saxhash // As long as this condition is not satisfied,it can be through the background of the permission to verify. loginpage; ... if $saxgroup == 1 // If yo...

Sablog-X 2.0 后台管理权限欺骗漏洞

// cp.php if !$saxuid || !$saxpw || !$saxlogincount || !$saxhash // 只要这个条件不满足,就可以通过后台的权限验证了 loginpage; ... if $saxgroup == 1 // 如果要获得管理员权限,还必须保证$saxgroup的值为1 ... 下面来看下这几个变量是怎么来的 // common.inc.php list$saxuid, $saxpw, $saxlogincount = $COOKIE'saxauth' ? explode"\t", authcode$COOKIE'saxauth',...

Sablog-X v2. x is an arbitrary variable overwrite vulnerability-vulnerability warning-the black bar safety net

author: 80vul-B team:http://www. 80vul. com A description of Syria: the Due to the Sablog-x v2. x common. inc. php in the$EVO the initialization process there is a logical vulnerability, leading to can use extractto overwrite any of the variables, eventually leading toxss, sql injection, code...

Sablog-X v2.x 任意变量覆盖漏洞

由于Sablog-x v2.x的common.inc.php里$EVO初始化处理存在逻辑漏洞，导致可以利用extract来覆盖任意变量，最终导致xss、sql注射、代码执行等很多严重的安全漏洞。 common.inc.php代码里： .... $onoff = functionexists'iniget' ? iniget'registerglobals' : getcfgvar'registerglobals'; if $onoff != 1 @extract$COOKIE, EXTRSKIP; @extract$POST, EXTRSKIP; @extract$GET,...

sablog-X v1.6 $page数值类型转换漏洞

sablog是国内安全研究人员写的一款blog程序。数值类型转换存在漏洞。 系统对分页函数$page处理上存在问题。 如果$page的参数为负数的话，程序就会出错。如：http://luoq.net/?page=-1 1是数字，-1就是字符了。暂且叫做数值类型转换上的问题吧。不过没有办法利用。哈哈。比较非主流。 sablog-X v1.6 对$page进行处理。 $page = isset$GET'page' ? max0, intval$GET'page' : 0;...

SaBlog-X 1.5 storm library vulnerability-vulnerability warning-the black bar safety net

vendor site:http://www. vbulletin. com/ product:vbulletin 3.6.6 bug: permanent xss affected file: calendar.php risk : medium xss permanent must be loggued PoC : http://127.0.0.1/vbulletin/calendar.php?do=add&type=single&c=1 - fill up the title field with : /titlescriptalertdocument. cookie/script...

sablog 1.6 trackback.php转码函数注入漏洞

Sablog-X是一个采用PHP和MySQL构建的博客系统.作为Sablog的后继产品,Sablog-X在代码质量,运行效率,负载能力,安全等级,功能可操控性和权限严密性等方面都在原有的基础上,更上一层楼.凭借Sablog-X作者7年多的安全技术经验,4年的PHP开发经验,强于创新,追求完美的设计理念,使得Sablog-X已获得业内越来越多专家和用户的认可.但是80sec在其中的代码里发现一个安全漏洞，导致远程用户通过SQL注射获得数据库权限，甚至获得管理员权限。 在sablog的trackback.php中的转码函数 function iconv2utf$chs global...

SaBlog-X 1.5 storm path-vulnerability warning-the black bar safety net

Source: Amxku blog www.amxku.net common.php $options'gzipcompress' && functionexists'obgzhandler' ? obstart'obgzhandler' : obstart; Changed to: $options'gzipcompress' && functionexists'obgzhandler' ? @obstart'obgzhandler' : obstart; Discuz! Before seems to have there been such problems...