CVE-2018-9848

In Gxlcms QY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote attackers to execute arbitrary PHP code by first using an Admin-Admin-Configsave request to change the configuploadclass value from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php and then making an...

CVE-2018-9848

In GxlcmsQY v1.0.0713, the upload function in Lib\Lib\Action\Admin\UploadAction.class.php allows remote arbitrary PHP code execution. An attacker first sends Admin-Admin-Configsave to modify config[upload_class] from jpg,gif,png,jpeg to jpg,gif,png,jpeg,php, then issues Admin-Upload-Upload to run...

Design/Logic Flaw

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...

CVE-2017-13670

In BlackCat CMS 1.2, remote authenticated users can upload any file via the media upload function in backend/media/ajaxupload.php, as demonstrated by a ZIP archive that contains a .php file...

Robert 0.5 - Multiple Vulnerabilities

Exploit Title: Robert 0.5 - Multiple Vulnerabilities XSS, CSRF, Directory traversal & SQLi Date: 07/06/2017 Exploit Author: Cyril Vallicari / HTTPCS - ZIWIT Vendor website :http://robert.polosson.com/ Download link : https://github.com/RobertManager/robert/archive/master.zip Live demo :...

WordPress Ultimate Product Catalog 3.8.6 Shell Upload

Exploit Title: Wordpress Ultimate-Product-Catalog v3.8.6 Arbitrary file RCE Date: 2016-06-23 Google Dork: Index of /wp-content/plugins/ultimate-product-catalogue/ Exploit Author: Joaquin Ramirez Martinez i0akiN SEC-LABORATORY Vendor Homepage: http://www.EtoileWebDesign.com/ plugin uri:...

phpATM 1.32 Remote Command Execution / Shell Upload

?php / Exploit Title : "phpATM = 1.32 Remote Command Execution Shell Upload on Windows Servers" Date : 17/06/2016 Author : Paolo Massenio - pmassenioATgmail Vendor : phpATM - http://phpatm.org/ Version : = 1.32 Tested on : Windows 10 with XAMPP PoF "phpATM is the acronym for PHP Advanced Transfer...

蝉知CMS5.3 CRSF getshell

简要描述： 蝉知CMS5.3 CRSF getshell 详细说明： /system/module/package/control.php public function upload$type = 'extension' $this-view-canManage = array'result' = 'success'; if!$this-loadModel'guarder'-verify $this-view-canManage = $this-loadModel'common'-verifyAdmin; if$SERVER'REQUESTMETHOD' == 'POST'...

KesionICMS(.net)可无视任何条件前台getshell

简要描述： KesionICMS除了自带的文章、图片、下载系统外还可以在文章、图片、下载三个系统模型的基础上自定义出功能模型比如房产系统，酒店系统，图片系统，软件下载等；自定义表单助您轻松打造在线报名，举报投诉等功能。10年开发经验的优秀团队，在掌握了丰富的WEB开发经验和CMS产品开发经验的同时，勇于创新追求完美的设计理念，力争为全球更多网站提供助力，并被更多的政府机构、教育机构、事业单位、商业企业、个人站长所认可。 详细说明： KesionICMS某个频道上传功能的地方有缺陷，导致漏洞形成。 本漏洞测试的时候无需登录，即可进行操作。...

JE Messenger 1.0 - Arbitrary File Upload Vulnerability

No description provided by source. JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-...

A simple analysis of an upload function upload vulnerability break-vulnerability warning-the black bar safety net

Function fnUploadImgByVal upFile As HttpPostedFile, ByVal uploadPath As String As String Dim result As String = "" Dim intImgSize As Int32 intImgSize = upFile. ContentLength If intImgSize 0 Then If intImgSize 5 0 0 0 0 0 Then result = "images too large" Return result Exit Function End If Dim...

The hospital was built Station system arbitrary file upload vulnerability-vulnerability warning-the black bar safety net

| Vulnerability file: upfile. aspx I first posted 9 8 line to 1 3 0 lines of code out ,look a bit funny! Google for: inurl:cms/Column. aspx? that inurl:cms/Column. aspx? LMID= too much,your own to find more keywords! | 0 1 | ---|--- 0 2 | function chkform ---|--- 0 3 | ---|--- 0 4 | ---|--- 0 5 |...

“The College of modern teaching management system”vulnerabilities and prevention-vulnerability and early warning-the black bar safety net

Some time ago in the group to see a buddy to share a“College of modern teaching management system”vulnerability, the method is very simple, soon will be able to get a webshell in. Principles and fck almost, also is the use of the upload function. ftb. imagegallery. aspx this is a upload function ...

Joomla JE Messenger 1.0 Shell Upload

JE Messenger 1.0 Arbitrary File Upload Vulnerability Name JE Messenger Vendor http://joomlaextensions.co.in Versions Affected 1.0 Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-12-09 X. INDEX I. ABOUT THE APPLICATIO...

DedeCMSV53 arbitrary variable overwrite vulnerability-vulnerability warning-the black bar safety net

DedeCMSV53 arbitrary variable overwrite vulnerability See today mrxhming students a articles http://hi.baidu.com/mrxhming/blog/item/8176f00bf540f11795ca6b3f.html find this old BUG hasn't been patched to look like, from the inside of the forum go a pp out of it, everyone is welcome to shoot the...

Lanius CMS <= 0.5.2 Remote Arbitrary File Upload Exploit

Exploit for unknown platform in category web applications ======================================================== Lanius CMS = 0.4.6 and Lanius CMS $maxsz 53. return sprintfUPLOADTOOBIG, convertbytes$filesz, convertbytes$maxsz; 54. 55. $thyname = basenameurldecode$FILES$elem'name'; 56. if...

Linux/x86 - upload &amp; exec

No description provided by source. UPLOAD & EXEC SHELLCODE 1 converting asm to hex 2 asm code 3 hex output 4 upload function This is an 'upload and exec' shellcode for the x86 platform. File has to be in executable format, cool if you know the distribution of the target, otherwise it is useless...

PT-2008-5213 · Unknown · Ultra Office Control

Name of the Vulnerable Software and Affected Versions: Ultra Office Control version 2.0.2008.801 Description: The issue is a stack-based buffer overflow in the Ultra.OfficeControl ActiveX control. This occurs when the strUrl, strFile, and strPostData parameters to the HttpUpload method are overly...

EkinBoard &lt;= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities

No description provided by source. ---- EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru EkinBoard = 1.1.0 Remote File Upload / Auth Bypass Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / &nb...

EkinBoard 1.1.0 - Arbitrary File Upload / Authentication Bypass

---- EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru EkinBoard = 1.1.0 Remote File Upload / Auth Bypass Eugene Minaev [email protected] / \ \ \ / .\ / /// // / \ / \ // / / / /// /\ / / / / // / / / / / /\ / / / / / / / / / / / //\ \ / / / / // / // / /\ / //...