Two File Upload Vulnerabilities Exist in Website Builder Star Backend

Ltd., is a cloud computing-based Internet application service provider. There are file upload vulnerabilities in the background of sitestar 1 banner scroll bar edit-select single image upload and 2 product management in the background-edit more image upload. Allow attackers to upload webshell and...

SiteStar 2.7 mod_user.php 用户信息修改漏洞

No description provided by source...

建站之星Sitestar设计缺陷可CSRF修改管理员密码

简要描述： 没有技术含量的洞。！ 详细说明： WooYun: 建站之星敏感功能csrf 可dump数据库 对于这个洞中厂商的回复感觉坑爹，再来一处CSRF提醒下厂商。 强烈建议查下CSRF的介绍。 /admin/index.php?m=moduser&a=adminupdate&userid=1&passwdpasswd=123123&passwdrepasswd=123123&[email protected]&useractive=1&usersrole=admin&userfullname=&usermobile=&submit=%E4%BF%9D%E5%AD%98...

建站之星Sitestar设计缺陷可dump数据库（有条件）

简要描述： 有条件的缺陷。 详细说明： 还是短文件名的问题，这种设计就是一个缺陷。 首先看下默认情况备份以后的文件名，每次备份会产生两个文件 一个为sql，一个是经过压缩的zip backup20140816134106v1.sql backup20140816134106v.zip 可以看到是 backup日期时间v 这样的结构 超过了9个字符，可以利用短文件名漏洞 只要管理员备份过文件，就可以利用 backup1.zip backup1.sql 漏洞证明：...

sitestar v2.7 /uploadify.php 文件上传漏洞

No description provided by source...

建站之星Sitestar官方注入漏洞

简要描述： 注入 详细说明： http://bbs.sitestar.cn/faq.php?action=grouppermission&gids99='&gids1000=%20and%20select%201%20from%20select%20count,concatversion,floorrand02x%20from%20informationschema.tables%20group%20by%20xa%23 漏洞证明： Discuz! info: MySQL Query Error Time: 2014-7-2 4:59pm Script: /faq.php SQL:...

建站之星Sitestar二次注入一枚

简要描述： 过滤不严。 详细说明： 在注册用户的时候 只是对一些特殊字符进行了转义。 有长度限制。 没有过滤。 造成了二次猪肉。 首先注册一个 123',1,15,0,1,user 在module/modemail.php中 public function domail global $db; $title = ParamHolder::get"title"; $msg = ParamHolder::get"emails"; $msg .= ParamHolder::get"emailm"; $roles = ParamHolder::get"role"; $type =...

Sitestar 2.7 /mod_auth.php 本地文件包含漏洞

No description provided by source...

Sitestar 2.7 /mod_email.php SQL注入漏洞

No description provided by source...

建站之星Sitestar某注入漏洞修复不当可继续绕过#2

简要描述： 屌丝周末终于又放假了。 继续看看。 过滤不严。 详细说明： WooYun: 建站之星 Sitestar 注入漏洞一枚 这个漏洞发布的补丁过滤不完善。 看看发布的补丁修改的地方 foreach $roles as $k=$row //2014.3.31 filter roles if!inarray$row, $uallroles die'access violation error!'; 这里过滤了。 但是只过滤了这一处。 在其他地方 还能注入。 if !empty$type && $type=='single' //单个邮件发送 if empty$useremail ech...

建站之星Sitestar前台Getshell一枚

简要描述： 看sitestar 在某数字公司还是属于一般应用的, 就准备提数字了。 太坑了 然后果断拒绝提交详情。 还是提到乌云来把。 不知道sitestar在乌云是不是属于一般应用的? 狗哥给个回应哈。 Sitestar 前台Getshell。 无需登录。 详细说明： 在官方论坛上下的最新版 在 install/index.php中 define'INCONTEXT', 1; includeonce'load.php'; ? 包含进来 那再继续看看。 $lockfile = ROOT.'/install.lock'; $patterndb = '/0-9a-zA-Z$/';...

SiteStar 2.7 /module/mod_tool.php 文件上传漏洞

No description provided by source...

建站之星后台任意文件读取

简要描述： 下载官方最新安装包，并去官方论坛打上了所有补丁。 详细说明： 访问：http:/target/sitestar/admin/index.php?m=../../robots.txt%00&a=adminadd robots.txt是系统自带，虽然是后台文件，但是其实无需管理员权限即可访问 如图： win下:http://target/sitestar/admin/index.php?m=../../../../../../../../../../windows/win.ini%00.jpg&a=adminadd...

SiteStar 2.6 安全模式绕过

No description provided by source...

The establishment of the station star sitestar v2. 5 the file that contains the exploit and fix-vulnerability warning-the black bar safety net

Inadvertently found that the establishment of the station star sitestar a tasteless file contains vulnerabilities, WVS scan a friends website, find the prompt with the following file include vulnerability index. php? a=fullist&m=../../../../../../../../../../etc/passwd%00.jpg admin/index. php?...

sitestar the latest pass to kill 0day-vulnerability warning-the black bar safety net

The establishment of the station star sitestar V1. 3 program vulnerability out of the editor FCKEDITOR is. Author: udb311 Test: And Fckeditor 2.4.2 vulnerability. No media restrictions. If the server is based on WINDOWS, you can also build a a. asp directory. And then use IIS to parse vulnerabili...

SiteStar the establishment of the station star V2. 0 security-vulnerability warning-the black bar safety net

author: cnryan 1vulnerability overview: SiteStar V2. 0 does not properly restrict file uploads, a remote attacker could exploit this vulnerability to upload arbitrary files to the Web directory, The final result in the server executing arbitrary commands. 2vulnerability analysis: Vulnerability is...

The establishment of the station star SiteStar V2. 0 Upload vulnerability-vulnerability warning-the black bar safety net

SiteStar V2. 0 does not properly restrict file uploads, a remote attacker could exploit this vulnerability to upload arbitrary files to the Web directory, The final result in the server executing arbitrary commands. Vulnerability is generated in the /script/multiupload/uploadify. php file: ? php ...

SiteStar V2.0 任意文件上传漏洞

SiteStar V2.0没有正确限制文件的上传，远程攻击者可能利用此漏洞上传任意文件到Web目录，最终导致在服务器上执行任意命令。 /script/multiupload/uploadify.php 文件： ?php if !empty$FILES $tempFile = $FILES'Filedata''tmpname'; $targetPath = $SERVER'DOCUMENTROOT' . $POST'folder' . '/'; $targetFile = strreplace'//','/',$targetPath . $FILES'Filedata''name'; //...

The establishment of the station star Sitestar v1. 3 FCK upload vulnerability-vulnerability warning-the black bar safety net

Release date: 2011-01. 1 4 Publishing author: xiaocao Affected versions: V1. 3 Official website: http://www.sitestar.cn/ Vulnerability type: file upload Vulnerability description: this vulnerability only applies to Windows IIS6, is the FCK editor is causing,as long as it is built up of the client...