48 matches found
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 – Sudo chroot Privilege Escalation PoC This...
Exploit for CVE-2025-47827
CVE-2025-47827
Exploit for Path Traversal in Ghost
CVE-2023-40028: Ghost CMS Symlink Exploitation PoC Overv...
Exploit for Incorrect Authorization in Ivanti Mobileiron_Sentry
MobileIron Sentry CVE-2023-38035 information extraction Fe...
Spot UniswapV3 pricing for rETH when staking in SafEth can lead to loss of user funds
Lines of code Vulnerability details Impact An attacker can craft a set of transactions so that when they are depositing funds in the SafEth contract, using the stake function, they can understate the value of existing deposits preDepositPrice value, while overstating the value of their deposit...
Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling
Hi security team @mailru we found an information disclosure in phpproject in subsamokat.ru On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...
Prototype Pollution in maikelvl/dot-json
Description dot-json is vulnerable to Prototype Pollution. This package allows modification of prototype behavior, which may result in Information Disclosure/DoS/RCE. Proof of Concept 1. Create the following PoC file: js // poc.js var dotJson = require("dot-json") var myfile = new...
PHPCMS V9 admin back-end design flaw leads to arbitrary code execution vulnerability
Source link: http://www.cnbraid.com/ 0x01 Background: Since the default setup after installation requires super administrator privileges, the vulnerability is of little practical use, but I feel the same problem probably exists in other CMSs too, so I am mainly sharing the approach to finding it. PS: using the test environment...
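PHPOK enterprise site-building system (payment vulnerability: buy anything for 1 yuan);
Brief description: PHPOK enterprise site-building system PHPOK4.4.010 payment vulnerability, buy anything for 1 yuan, latest version. Detailed description: 1. Go to the product display, pick any item, add it to the cart and place an order. 2. Go to this page, click confirm payment, capture the request and modify the amount. 3. Change it to 1 yuan, then a link appears; just open it. Only 1 yuan is needed. Proof of vulnerability: 1. Go to the product display, pick any item, add it to the cart and place an order...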
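SQL injection in the front end of the latest KPPW version
Brief description: I put in this much effort, so please give me a matching rank. Detailed description: Counting the related functions there were many more, but I did not go looking for them myself. I tested the UTF version; your GBK version has already blown up because of this issue, so please audit it carefully. Below I use the file control\user\messagesend.php as an example; other files I found with the same problem are message.php and yijia.php setUid $gUid ; $objMsgM-setUsername $username ; $objMsgM-setTouid $arrSpaceInfo 'uid' ; $objMsgM-setTousername $arrSpaceInfo...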
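Stored XSS in the latest thinksaas version
Brief description: Improper filtering. Detailed description: Download address of the latest version: http://www.thinksaas.cn/service/down/ The principle is the same as the earlier reports "thinksaas latest version xss2" (WooYun: thinksaas latest version xss2) and "thinksaas latest version xss" (WooYun: thinksaas latest version xss). One complaint: the official site does not allow account registration, so I tested locally. I tested one of the earlier reports and it still works now. Of course, the vulnerable file is different. The vulnerable file is app/article/action/add.php: no filtering at line 25, and the data is inserted into the database at line 48 isLogin; switch $ts case "" : if...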
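ShopEx server misconfiguration (shell access possible, internal and external information can be leaked)
Brief description: First time playing with this site... Detailed description: A FastCGI port 9000 issue; it is ShopEx's crawler server. Then confirm the IP address and look at the ARP information. Although the domain name is sarShopEx Proof of vulnerability: View the passwd file... The hosts file shows that the domain is a second-level domain under sradar.cn, and that domain also belongs to ShopEx... ...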
A generic SQL injection in a common manuscript submission system
Brief description: Affects a huge number of submission systems. Detailed description: Google keyword: 技术支持:南京杰诺瀚软件科技有限公司 Cases: http://www.cjge-manuscriptcentral.com/Web/News.aspx?searchid=163768 http://www.lcmzxzz.com/Web/News.aspx?searchid=586073 http://gaojian.xhnj.com/Web/News.aspx?searchid=313670 http://xb.cuit.edu.cn/Web/News.aspx?searchid=112266...
Generic SQL injection vulnerability in a non-book materials management system
Brief description: Detailed description: Manufacturers: http://www.metadata.com.cn/ 杭州麦达电子有限公司 SQL Injection: /poweb/Ip.do?method=addIp&schoolid= where the schoolid parameter is injectable Case: http://59.74.114.252:84/poweb/Ip.do?method=addIp&schoolid=301041 http://219.222.177.236:8080/poweb/Ip.do?method=addIp&schoolid=281041...
Mastery OA secondary injection vulnerability
Brief description: Paralysis of the software Detailed description: Add the attention of the people, many functions rely on the data code area POST http://121.40.134.14/general/personinfo/concernuser/update.php HTTP/1.1 Host: 121.40.134.14 Connection: keep-alive...
Wave OA platform has a common SQL injection (sa permissions) leading to Getshell
POST /login.aspx HTTP/1.1 Content-Length: 342 Content-Type: application/x-www-form-urlencoded User-Agent: Googlebot/2.1 +http://www.googlebot.com/bot.html X-Requested-With: XMLHttpRequest Referer: http://124.133.235.142/ Host: 124.133.235.142 Connection: Keep-alive Accept-Encoding:...
Crystal Player 1.99 - Memory Corruption
Crystal Player 1.99 - Memory Corruption Document Title: =============== Crystal Player 1.99 - Memory Corruption Vulnerability Date: ============= 21/01/2015 Vendor Homepage: ================ http://www.crystalreality.com/ Abstract Advisory Information: ============================== Memory...
cmseasy latest version patch bypass SQL injection (bypasses 360 WAF)
Brief description: Keep on bypassing. Detailed description: First, the same old place: archiveact.php (line 611) function respondaction includeonce ROOT . '/lib/plugins/pay/' . front::$get'code' . '.php'; $payclassname = front::$get'code'; $payobj = new $payclassname; $uri = $SERVER"REQUESTURI"; $uriget = strstr$uri, '?'; $uriget = strreplace'?', '', $uriget;...
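Blind SQL injection vulnerability in Cmseasy (bypasses 360 protection)
Brief description: Injection.. but nothing is echoed back, so it is blind.. Detailed description: index.php line 84: stats::getbot; The injection arises because $SERVER is not filtered in any way during initialization. stats.php lines 13 to 78: getbot. This function looks at spider records. $SERVER is not filtered; we only need to forge HTTPUSERAGENT as a spider's and it works. public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName =...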
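Front-end SQL injection in the latest CmsEasy version (2)
Brief description: Over the past few days I have been trying to build a PHP source-code auditing tool, and this turned up while matching some preliminary rules. Nothing personal; thanks, CmsEasy. Detailed description: Another INSERT injection. In /index.php there is a stats::getbot; what does this method do? /lib/table/stats.php public static function getbot $ServerName = $SERVER"SERVERNAME"; $ServerPort = $SERVER"SERVERPORT"; $ScriptName = $SERVER"SCRIPTNAME"; $QueryString =...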