27 matches found
CVE-2021-23383
The package handlebars before 4.7.7 are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source...
Remote Code Execution (RCE)
Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Remote Code Execution RCE when selecting certain compiling options to compile templates coming from an untrusted source. POC // compile the template var s = with lookupGett...
Prototype Pollution
Overview handlebars is an extension to the Mustache templating language. Affected versions of this package are vulnerable to Prototype Pollution when selecting certain compiling options to compile templates coming from an untrusted source. POC // compile the template var s2 = 'a/." ||...
Design/Logic Flaw
The dot package v1.1.2 uses Function to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype...
Command Injection in dot
All versions of dot are vulnerable to Command Injection. The template compilation may execute arbitrary commands if an attacker can inject code in the template or if a Prototype Pollution-like vulnerability can be exploited to alter an Object's prototype...
一步步击溃PHPYUN(另类方法绕过防注入)
简要描述: 由某处SQL注入引起,最终通过组合漏洞击溃PHPYUN 详细说明: 测试版本:PHPYUN 3.1 GBK beta 20140728 PHPYUN使用了两套waf,一套自己写的,一套360的,从第一套开始。 \data\db.safety.php: quotesGPC; // 效果:addslashes if$config'syistemplate'!='1' || md5md5$config'sysafekey'.$GET'm'!=$POST'safekey' foreach$POST as $id=$v safesql$id,$v,"POST",$config; $id...
perl Locale::Maketext code execution
It's possible to call external functions on template compilation...