14 matches found
Comsenz SupeSite CMS 'title' field HTML injection vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from the Chinese company Comsenz. The system provides information management, information publishing, information review, information classification, information field customization and other functions. An HTML injection vulnerability exists in...
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Comsenz SupeSite CMS 7.0 Stored XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS 7.0 Stored XSS Security Vulnerabilities Product: Supesite CMS Content Management System Vendor: ComSenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication:...
Comsenz SupeSite CMS SQL Injection Vulnerability
Comsenz SupeSite 7.0 CMS is a content management system developed by Comsenz. Comsenz SupeSite 7.0 CMS "batch.common.php" fails to properly filter user-submitted inputs for the "name" parameter, allowing remote attackers to submit specially crafted SQL queries to manipulate or obtain database dat...
Comsenz SupeSite CMS 7.0 SQL Injection
Comsenz SupeSite 7.0 CMS SQL Injection Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS SQL Injection Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: March 14, 2015 Late...
Comsenz SupeSite CMS Arbitrary Code Execution Vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from the Chinese company Comsenz. An arbitrary code execution vulnerability exists in Comsenz SupeSite CMS, which arises from the program failing to adequately filter user-submitted input. An attacker could exploit this vulnerability to execute...
Comsenz SupeSite CMS 'cp.php' Cross-Site Scripting Vulnerability
Comsenz SupeSite CMS is a content management system (CMS) from the Chinese company Comsenz. A cross-site scripting vulnerability exists in Comsenz SupeSite CMS, which arises from the program's failure to adequately filter user-submitted input. When a user browses the affected site, their browser will execu...
Comsenz SupeSite CMS 7.0 Code Execution
Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS Arbitrary Code Execution Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0 Advisory Publication: F...
Comsenz SupeSite CMS 7.0 Cross Site Scripting
Comsenz SupeSite CMS Reflected XSS Cross-site Scripting Security Vulnerabilities Exploit Title: Comsenz SupeSite CMS /cp.php do parameter Reflected XSS Security Vulnerabilities Product: SupeSite CMS Content Management System Vendor: Comsenz Vulnerable Versions: 6.0.1UC 7.0 Tested Version: 7.0...
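Supesite front-end injection #4 (Select) and a minor issue.
Brief description: I have now collected Select, Update, Insert and Delete injections for supesite and am ready to summon the mythical beast. Details: Minor issue: supesite backs up the database to a path like data/backupSAS2n5/141007Pwok71Ei-1.sql, that is, backup plus random characters / date plus random characters .sql. But on Windows with Apache this is easy to find using short file names: write a dictionary, generate similar dates like 141007, and then just enumerate. Injection: batch.common.php $name = empty$GET'name'?'':trim$GET'name'; $cid =...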
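Supesite front-end injection #2 (Insert)
Brief description: Insert, ignores GPC. Installing supesite comes with ucenter; if they are in the same database, you can try to extract the uckey through the injection, and then…… Details: Let's look at the global file: if!getmagicquotesgpc $GET = saddslashes$GET; $POST = saddslashes$POST; $COOKIE = saddslashes$COOKIE; This checks whether GPC is enabled; if it is not enabled, GET, POST and COOKIE are escaped. FILES is not escaped here. In batch.upload.php: elseif !empty$POST //if POST is not empty //edit title...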
Supesite front-end injection #3 (Delete)
Brief description: Delete. If ucenter and supesite are in the same database, you can try to extract the uckey through the injection, and then…… Details: In cp.php: $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; This gets included. In source/cpnews.php: ifempty$itemid //here we make $itemid not empty...
A second-order injection in the Supesite front end
Brief description: Second-order injection. Details: In cp.php: $ac = empty$GET'ac' ? 'profile' : trim$GET'ac'; ifinarray$ac, array'index', 'news', 'profile', 'credit', 'models' includeonceSROOT.'./source/cp'.$ac.'.php'; This includes the file. In source/cpnews.php: $newsarr = array'subject' = $POST'subject', 'catid' = $POST'catid', 'type' =...
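A Supesite injection (can elevate yourself to administrator)
Brief description: Passwords extracted from Supesite via injection basically cannot be cracked. It would be best to be able to directly elevate yourself to administrator, or to change the administrator's password yourself. Written in a spare moment while busy. Details: In index.php: if$SGET'action' != 'index' ifempty$channels'menus'$SGET'action''upnameid' && $channels'menus'$SGET'action''upnameid' != 'news' $scriptfile = SROOT.'./'.$SGET'action'.'.php'; else $scriptfile =...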
SupeSite 7.5 background upload webshell-vulnerability warning-the black bar safety net
A method of getting a webshell, without any technical content. There are many similar ones online. But I have not seen this one online; I just found it in the process of getting a webshell, so I am posting it. Of course, there are many related examples. For example, the following two. Example 1: the Wordpress...