18 matches found
EUVD-2010-4876
Malware in sbrugna...
UCenter Home cp_magic.php suffers from SQL injection vulnerability
UCenter Home is a set of social network software Social Network Software, abbreviated as SNS built with PHP+MYSQL. A SQL injection vulnerability exists in UCenter Home cpmagic.php. Because the program fails to filter user input, an attacker can obtain sensitive database information by submitting...
UCenter Home 2.0 /shop.php SQL注入漏洞
No description provided by source...
Ucenter Home最新版SQL注入两处
简要描述: Ucenter Home最新版SQL注入两处,比较隐蔽 详细说明: 在编辑日志处 文件cpblog.php: //添加编辑操作 ifsubmitcheck'blogsubmit' ifempty$blog'blogid' $blog = array; else if!checkperm'allowblog' ckspacelog; showmessage'noauthoritytoaddlog'; //验证码 ifcheckperm'seccode' && !ckseccode$POST'seccode' showmessage'incorrectcode';...
Ucenter Home最新版SQL注入三处
简要描述: Ucenter Home最新版SQL注入三处 详细说明: 从官方下载最新版Ucenter Home 第一处SQL注入: 个人设置——个人资料——基本资料 文件/source/cpprofile.php: if$GET'op' == 'base' ifsubmitcheck'profilesubmit' || submitcheck'nextsubmit' if!@includeonceSROOT.'./data/dataprofilefield.php' includeonceSROOT.'./source/functioncache.php';...
UCenter Home 2.0 - SQL Injection Vulnerability
No description provided by source. --==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home...
UCenter Home 2.0 the music box plug-in tasteless injection use-vulnerability warning-the black bar safety net
The problem occurs in the plug-in is musicbox, by the above keyword search will find some to enable this plugin site, in the URL after the“’”error, put in a SQLmap, run the next, almost always there is the injection. ! ! ! Repair solutions: Filter...
UCenter Home 2.0某插件鸡肋注入漏洞(不知道是不是0day)
简要描述: 某个插件的问题,不知道是不是0day 详细说明: 影响版本:UCenter Home 2.0 关键词:inurl:musicbox.php?do= inurl:do=musicbox Powered by UCenter Home 2.0 inurl:space.php?do=musicbox 发生问题的插件是musicbox,通过上面的关键字进行检索后会找到一些启用了这个插件的站点,在网址后加“'”会报错,放入SQLmap中跑了下,几乎都存在注入。 漏洞证明:...
Ucenter Home 2.0及以下存储型XSS
简要描述: 以后腾讯的洞发在乌云。 详细说明: 【漏洞原理】 编辑器插入视频input过滤不严,导致日志和群组模块发帖可插入代码。 【测试代码】 发帖包含以下代码: flashhttp://"...
CVE-2010-4912
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action...
Sql injection
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action...
CVE-2010-4912
CVE-2010-4912 affects UCenter Home 2.0. The vulnerability is a SQL injection in the shop.php file, exploitable via the shopid parameter in a view action, allowing remote attackers to execute arbitrary SQL commands. The NVD entry lists a base score of 7.5 (HIGH) with network attack vector and low ...
CVE-2010-4912
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action...
UCenter Home 2.0 SQL Injection Vulnerability
Exploit for php platform in category web applications ============================================ UCenter Home 2.0 SQL Injection Vulnerability ============================================ / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: email protected /...
UCenter Home 2.0 SQL Injection
--==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home Version : 2.0 Script HomePage :...
UCenter Home 2.0 SQL Injection Vulnerability
No description provided by source. / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home Version : 2.0 Script HomePage : http://u.discuz.net/...
UCenter Home 2.0 - SQL Injection
UCenter Home 2.0 - SQL Injection --==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home...
UCenter Home 2.0 - SQL Injection
--==UCenter Home 2.0 -0day Remote SQL Injection Vulnerability==-- / Author : KnocKout / Greatz : DaiMon,BARCOD3,RiskY and iranian hackers / Contact: [email protected] / Cyber-Warrior.org/CWKnocKout --==--==--==--==--==--==--==--==--==--== Script : UCenter Home Version : 2.0 Script HomePage :...