SQL Injection Vulnerability in TCCMS (CNVD-2021-51270)

TCCMS is a content management system . Its core framework TC, with a large amount of data , high concurrency , easy to expand and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in TCCMS (CNVD-2021-51271)

TCCMS is a content management system . Its core framework TC, with a large amount of data , high concurrency , easy to expand and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in TCCMS (CNVD-2021-51272)

TCCMS is a content management system . Its core framework TC, with a large amount of data , high concurrency , easy to expand and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in TCCMS

TCCMS is a content management system . Its core framework TC, with a large amount of data , high concurrency , easy to expand and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

SQL Injection Vulnerability in TCCMS (CNVD-2021-51273)

TCCMS is a content management system . Its core framework TC, with a large amount of data , high concurrency , easy to expand and so on. TCCMS has a SQL injection vulnerability, which can be exploited by attackers to obtain sensitive database information...

TCcms v9. 0 /app/controller/user.class.php parameters userId SQL injection vulnerability

0x01 vulnerability profile TCcms v9. 0 version in the file/app/controller/user. class. php at the parameters userId the presence of SQL injection vulnerabilities. 0x02 vulnerability analysis 先看文件/app/model/newsAction.class.php that 108 row begin public function getCountByUid $info =...

TCCMS v9.0 user.class.php sql注入漏洞

No description provided by source...

TCCMS在app/controller/news.class.php存在sql注入漏洞

漏洞成因 在app/controller/news.class.php中all函数对参数过滤不严 public function all $this-userIsLogin ; $Obj = M$this-objName; $categoryObj = M"category"; $Obj-pageSize = 20; $where = "1=1"; $key = StringUtil::GetSQLValueString$POST'key'; $cid = intval$GET'cid'; if $key != "" $where .= " and title like...

TCCMS V9.0 本地文件包含漏洞

No description provided by source...

TCCMSV9.0 Latest Version SQL Injection Vulnerability

TCCMS is a content management system. TCCMSV9.0 has multiple SQL injection vulnerabilities in app/controller/news.class.php, which can be exploited by attackers to either obtain sensitive database information...

某CMS存在越权漏洞(任意用户信息修改)

简要描述： TCCMS V8.0存在越权漏洞任意用户信息修改 详细说明： 测试账号A snake 密码123123 测试账号B heise 密码123123 账号A id=659 账号B id=660 越权修改账号A的信息 成功修改 漏洞证明： 测试账号A snake 密码123123 测试账号B heise 密码123123 账号A id=659 账号B id=660 img src="https://images.seebug.org/upload...

TCCMS v9.0 /system/core/controller.class.php SQL注入漏洞

No description provided by source...

TCCMS /app/controller/user.class.php 权限提升漏洞

No description provided by source...

TCCMS 9.0 /system/core/controller.class.php SQL注入漏洞

No description provided by source...

Tccms sql注入一枚。（绕过防护机制）

简要描述： rt 详细说明： 直接看到/app/model/attackAction.class.php这个文件 public function initLogHacker /get/ foreach$GET as $key=$value if !inarray$key, array'ac','a','c','do'//防止控制器和方法命名不规范被过滤 $this-StopAttack$key,$value,"get",$this-getfilter; $GET$key = StringUtil::safereplace$value; $GET$key =...

TCCMS BBS论坛 存储型xss

简要描述： TCCMS BBS论坛 存储型xss 详细说明： 漏洞url:http://bbs.teamcen.com/index.php?ac=indexinfo&bid=8&m=bbs&id=48reply 黑盒测试的 ，这个cms在本地进行了过滤，所以本地怎么改都触发不了xss 但是只要抓包，在把html语句插入进去就会执行 我插入的xss代码 内容 " 都可以执行，不然你可以访问上面的url看看 漏洞证明：...

TCCMS-PHP内容管理系统存储型xss

简要描述： 存储型xss 详细说明： 发帖时没过滤好黑名单 导致可绕过 进行xss url:http://bbs.teamcen.com/thread-3-10.html 使用的payload： 当然你想要获取cookies也行 payload换成 只要是base64解码就行 漏洞证明： 过...

tccms v8 注入一枚

简要描述： 过滤不严。 详细说明： 在app/controller/picture.class.php 中 public $objName = 'picture'; public function all $Obj = M$this-objName; $categoryObj = M"category"; $Obj-pageSize = 20; $where = "1=1"; $key = $POST'key'; $cid = $GET'cid'; if $key != "" $where .= " and id = '" . $key . "' or title like...

TCCMS （最新）8.0 后台GETSHELL （源码详析）

简要描述： TCCMS 8.0 BBS版（目前官网最新）后台一处设计不当可GETSHELL 详细说明： /app/admin/tempalate.class.php line:79 public function Save $msgObj = new Msg; $path = ROOTPATH . "/templates/" . Config::get"tdir"; $fullPath = $path . "/" . $POST"name"; //居然直接从POST里面取得文件名，虽然前台没有改文件名的地方，但是只要提供一个有效的post name 就可以上传任意文件了 $handle ...

TCCMS SQL注入 一个文件多处注入之二

简要描述： 之前看了厂商的回复说的是文章列表那个页面有问题，这次我提交的是图片列表页面存在注入 详细说明： app\controller\picture.class.php 代码如下 public function all $Obj = M$this-objName; $categoryObj = M"category"; $Obj-pageSize = 20; $where = "1=1"; $key = $POST'key'; $cid = $GET'cid'; if $key != "" $where .= " and id = '" . $key . "' or title li...