min-dash 安全漏洞

min-dash is a minimal utility belt for use with bpmn.io related libraries. A security vulnerability exists in versions prior to min-dash 3.8.1, which stems from the lack of critical type enforcement and makes the software susceptible to prototype contamination via the set method...

HDWIKI鸡肋SQL注入（PHP弱类型实例）

简要描述： 见drops中@小飞发了一篇文章：http://drops.wooyun.org/tips/4483 我一直认为没有实例的文章不是好文章，于是来帮他加个实例，由PHP弱类型造成的SQL注入，非常典型。 为了不拉低大号的平均rank，小号交起嘿 详细说明： /control/list.php 109行 function dofocus $doctype = $this-get2; switch$doctype case 2: $type = 'hot'; $navtitle = $this-view-lang'hotDoc'; break; case 3: $type =...