58 matches found
sablog 1.6 trackback.php转码函数注入漏洞
Sablog-X是一个采用PHP和MySQL构建的博客系统.作为Sablog的后继产品,Sablog-X在代码质量,运行效率,负载能力,安全等级,功能可操控性和权限严密性等方面都在原有的基础上,更上一层楼.凭借Sablog-X作者7年多的安全技术经验,4年的PHP开发经验,强于创新,追求完美的设计理念,使得Sablog-X已获得业内越来越多专家和用户的认可.但是80sec在其中的代码里发现一个安全漏洞,导致远程用户通过SQL注射获得数据库权限,甚至获得管理员权限。 在sablog的trackback.php中的转码函数 function iconv2utf$chs global...
CVE-2007-1989
Multiple cross-site scripting XSS vulnerabilities in DotClear before 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the 1 postid parameter to ecrire/trackback.php or the 2 toolurl parameter to tools/thememng/index.php. NOTE: some of these details are obtained from third...
DEBIAN-CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
CVE-2007-0233
wp-trackback.php in WordPress 2.0.6 and earlier does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote attackers to execute arbitrary SQL commands via the tbid parameter. NOTE: it could b...
WordPress Trackback 'wp-trackback.php' 'tb_id' Parameter SQL Injection
The version of WordPress on the remote host fails to properly sanitize input to the 'tbid' parameter of the 'wp-trackback.php' script before using it in database queries. An unauthenticated, remote attacker can leverage this issue to launch SQL injection attacks against the affected application,...
WordPress Trackback Charset Decoding SQL Injection
The version of WordPress on the remote host supports trackbacks in alternate character sets and decodes them after escaping SQL parameters. By specifying an alternate character set and encoding input with that character set while submitting a trackback, an unauthenticated, remote attacker can...
WordPress Charset解抹SQL注入漏洞
WordPress是一款流行的网络日记程序。 WordPress处理字符集解码存在问题,远程攻击者可以利用漏洞进行SQL注入攻击,获得敏感信息。 在当PHP的mbstring扩展激活时,WordPress支持使用不同字符集解码Trackback,因为解码发送在数据库为输入数据执行选择正确的字符集之前,因此允许绕过针对SQL注入的保护。 为了演示需要,Stefan Esser建议使用UTF-7字符集来利用,因为其他的多字节字符集允许多字节序列以''结尾。...
WordPress Core 2.0.5 - Trackback UTF-7 SQL Injection
!/usr/bin/python | || | | | | | | | || || \ | |/ || '|/ |/ -| ' \ / -/ |||| /| || / ||||,||| ,|||||||,| || |||||| Proof of concept code from the Hardened-PHP Project NOT FOR DISTRIBUTION PLEASE DO NOT SPREAD THIS CODE -= Wordpress 2.0.5 =- Trackback UTF-7 SQL injection exploit beware of...
WordPress 2.0.5 - Trackback UTF-7 SQL Injection
WordPress 2.0.5 - Trackback UTF-7 SQL Injection !/usr/bin/python | || | | | | | | | || || \ | |/ || '|/ |/ -| ' \ / -/ |||| /| || / ||||,||| ,|||||||,| || |||||| Proof of concept code from the Hardened-PHP Project NOT FOR DISTRIBUTION PLEASE DO NOT SPREAD THIS CODE -= Wordpress 2.0.5 =-...
Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit
Exploit for unknown platform in category web applications ============================================================ Wordpress 2.0.5 Trackback UTF-7 Remote SQL Injection Exploit ============================================================ !/usr/bin/python | || | | | | | | | || || \ | |/ || '|/...
CVE-2006-6540
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...
CVE-2006-6540
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. NOTE: some of these details are obtained from third party information...
mybloggie214.txt
!/usr/bin/php -q -d shortopentag=on = 4.1 allowing subs / if $argctrackbackreply1, "Sorry, Trackback failed.. Reason : No title"; if!empty$REQUEST'url' $url=urldecode$REQUEST'url'; if validateurl$url==false $tback-trackbackreply1, "Sorry, Trackback failed.. Reason : URL not valid"; else $tback-tr...
CVE-2005-3957
Technical details for CVE-2005-3957 are not publicly available in the provided documents. No concrete affected products, versions, or impact are specified here. Monitor for updates.
CVE-2005-3957
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors...
CVE-2005-3957
Unspecified vulnerability in the Trackback functionality in DotClear 1.2.1 has unknown impact and attack vectors...
CVE-2005-2010
Cross-site scripting XSS vulnerability in trackback.asp in Ublog Reload 1.0.5 allows remote attackers to inject arbitrary web script or HTML via the btitle parameter...
DEBIAN-CVE-2005-1687
SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and earlier allows remote attackers to execute arbitrary SQL commands via the tbid parameter...