Lucene search
K

74 matches found

seebug.org
seebug.org
added 2013/01/08 12:0 a.m.17 views

ThinkSNS某应用跨站脚本攻击,危害用户

简要描述: ThinkSNS某应用跨站脚本攻击,危害各种自愿上钩的用户 详细说明: ThinkSNS发表日志可进行跨站脚本攻击,愿意看的都会中招 http://t.thinksns.com上进行测试 1.我们先随意插入一张网络图片 2.抓包,修改如下 3.发现document和cookie被滤掉了,但是测试location,果断成功 4.那就好办了,我们可以构造形如下面的链接(友情提示:这只是其中一种最直接的方式,不要滤了这种又不管其他了) 抓包修改 5.看下页面源码与效果 是的,插进去了,...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/12/29 12:0 a.m.27 views

Thinksns Arbitrary File Upload Vulnerability (metasploit)

Exploit for php platform in category remote exploits This is private exploit. You can buy it at https://0day.today...

7.1AI score
Exploits0
0day.today
0day.today
added 2012/12/21 12:0 a.m.20 views

Thinksns Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications This is private exploit. You can buy it at https://0day.today...

7AI score
Exploits0
myhack58
myhack58
added 2012/12/08 12:0 a.m.15 views

ThinkSNS and an arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

A module is not the uploaded file type validation. You can upload any file The code generated location apps\wap\Lib\Action\IndexAction.class.php 2 6 3 row if! empty$FILES'pic''name' // automatically send one picture to Twitter $data'pic' = $FILES'pic'; $data'content' = 'photo-sharing'; $data'from...

0.2AI score
Exploits0
myhack58
myhack58
added 2012/12/02 12:0 a.m.14 views

ThinkSNS 2.8 arbitrary file upload vulnerability and fix-vulnerability warning-the black bar safety net

Microblogging upload pictures only in the front end for validation, the server side does not perform the security filtering. \api\StatusesApi.class.php function uploadpic if $FILES'pic' //Perform the upload operation $develop this program specifically = $this-getSaveTempPath; $filename = md5...

1.4AI score
Exploits0
seebug.org
seebug.org
added 2012/11/23 12:0 a.m.18 views

ThinkSNS某SNS功能极品XSS,通杀WEB和IOS客户端Ⅳ

简要描述: 一直缺少个Ⅳ,补上吧 详细说明: 这次出问题的地方仍然在主要的【日志功能】只是做了简单的字符过滤,效果不是很理想 我可以发表如下日志内容 zzR 轻松绕过 右键参看源码 红果果 漏洞证明: 然后说xsserme有个钓鱼功能就试试了 好像有点过于直白,还是说我没有使用好? 测试是能够收到用户名密码的 不知道有没有上当的- - 接着还是不辞辛苦测试了IOS客户端 https://images.seebug.org/upload/201211/231155539c8af...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/11/17 12:0 a.m.14 views

ThinkSNS日志某处储存性XSS!!!

简要描述: ThinkSNS日志某处储存性XSS!!! 详细说明: http://i.thinksns.com/apps/blog/index.php?s=/Index/addBlog 添加日志-添加分类 在分类处未做处理 导致XSS漏洞的触发 然后发表·· 漏洞证明: 当对方查看你的日志时 XSS代码就会触发 由于日志功能有交互性啊 要是被插入盗取cookie 和XSS蠕虫的代码就。。。。。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/11/08 12:0 a.m.19 views

Thinksns某SNS功能极品XSS,通杀WEB和IOS客户端II

简要描述: 最近流行连载,我也凑个热闹…… 不得不说,同样一个地方,同样的问题,发生了两次,要打程序猿小PP啦 详细说明: 从上次的修改看,是过滤了等特殊字符的过滤 ,但是,问题没有得到解决呀!看图 我可以定义onerror事件,直接利用 照样是发送到首页&并且在点击我的首页时,顺利触发 漏洞证明: 再有 ,我还是不辞劳苦的测试了IOS客户端,效果也是非常明显的 今天没有用xsserme,难道是为xsser节约资源? -0-...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/11/05 12:0 a.m.14 views

THINKSNS某后台权限泄露!

简要描述: THINKSNS后台权限泄露!我终于看到了我梦寐以求的东西 PS:像我这么傻,看到这样的后台不拿shell,不搞基的人少啦! 详细说明: 首先说出问题的地方:留言举报 进去后顺利触发! 后台权限泄露,所有东西看光光! 1· 2·站点配置 3·企业邮件配置(曾经想破解来着,在 这里看到了) 4·用户管理 5· img src="https://images.seebug.org/upload/201211/0516104564a932a8268761487d377...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/10/23 12:0 a.m.20 views

ThinkSNS修改帐号验证不安全,可伪造

简要描述: ThinkSNS开启邮箱验证后修改帐号邮箱发送的连接不安全,可伪造 详细说明: 版本最新的2.8 代码位置: thinksns\addons\services\ValidationService.class.php $validationcode = $this-generateCode$vid; $targeturl = $targeturl . "&validationid=$vid&validationcode=$validationcode"; $res =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/10/22 12:0 a.m.22 views

THINKSNS某功能高危跨站|

简要描述: THINKSNS某功能高危跨站,可跨各种名人堂啊,风云榜选手 详细说明: 一个一个来 1·添加好友分组过滤不严格 看效果 2·第二个地方是发私信的功能,没有交代清楚,导致存储Xss,是个与人交互的地方,危害比较大,可跨各种名人,如果有管理员,应该也没问题 我的私信: 利用xsser.me尝试拖cookie 顺利到手,点击登录 跨你没商量 漏洞证明: img src="https://images.seebug.org/upload/201210/212158566793a5b9a527d93fb5c486e6...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2012/09/29 12:0 a.m.9 views

ThinkSNS 2.5 thumb.php 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
myhack58
myhack58
added 2012/08/31 12:0 a.m.23 views

Thinksns microblogging system injection vulnerability a gold-bug warning-the black bar safety net

Author: Liuker Blog: www.2bhack.net I recently nothing to do Don't ask me how the audit of the color of the pen don't know what is audit? Visually it is a few friends have seen me audit the code time to give them a screenshot Just get some. In a few days and then engage in several section of the...

0.7AI score
Exploits0
myhack58
myhack58
added 2012/07/25 12:0 a.m.16 views

Thinksns 2.5 to obtain webshell exp-vulnerability warning-the black bar safety net

Problem file: thumb.php Code analysis: ? php / automatic thumbnail parameters of the url|w|h|type="cut/full"|mark="text/image|r" thumb. php? url=/thinksns/data/userface/0 0 0/0 0/0 0/41middleface. jpg? 1 2 4 7 7 1 8 9 8 8&w=2 0&h=2 0 / errorreporting0; settimelimit3 0; $biggestmemorylimit = 2 5 6...

6.9AI score
Exploits0
Rows per page
Query Builder