ACTCMS system exploit-a vulnerability warning-the black bar safety net

ACTCMS is a fully open source program, there are UTF-8 and GB2132 two encoded version, supports ACCESS and MSSQL two databases. Preface: Two days ago in the Group Chat when listening to the group of friends have to say met a ACTCMS system, you and ACTCMS more ripped in a few words, when idle no...

Resistant product image management system Access version of Cookie spoofing vulnerability-vulnerability warning-the black bar safety net

About a year ago I discovered the resistance to the product image management system Access version of a Cookie spoofing vulnerability: any user can modify the Cookie to get administrator privileges. This year 6 month, I give resistance to product technology sent a message to inform this...

Month Of Abysssec Undisclosed Bugs - InterPhoto Gallery 2.4.0

''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 6 0day | | | | || / \ || | | | || ||// \/|/ ''' - Title : InterPhoto Gallery Multiple Remote Vulnerabilities - Affected Version : = 2.4.0 - Vendor Site : http://www.weensoft.com - Discovery :Abysssec.com -...

InterPhoto Gallery - Multiple Vulnerabilities

InterPhoto Gallery - Multiple Vulnerabilities ''' | / |/ \ /\ | | | | \ | \ / | | | | / \ | | | | | | | |/| | | | |/ /\ | | | | Day 6 0day | | | | || / \ || | | | || ||// \/|/ ''' - Title : InterPhoto Gallery Multiple Remote Vulnerabilities - Affected Version : = 2.4.0 - Vendor Site :...

SHOP363 online shop system through the kill vulnerability-vulnerability warning-the black bar safety net

SHOP363 program is not for strict filtering, to produce cookies spoofing vulnerability. And can be configured to upload malicious code to obtain site permissions. In the discussion group to see the altar friends ask SHOP363 the background to get WEBSHELL method, because the previous didn't used t...

Smart core management system through the kill vulnerability-vulnerability warning-the black bar safety net

Smart core management system of the pass to kill the loopholes, a few days ago happen to need to get a Chi Rui school management system Station download the intelligent core of the system see the following code, found in the ADMIN directory, the admincheck. asp file code is written this way is by...

风讯（FooSun）awardAction.asp页面存在SQL注入漏洞

在文件\User\award\awardAction.asp中： Integral=NoSqlHackrequest.QueryString"Integral" //第14行 if action="join" then UserConn.execute"Insert into FSMEUserPrize prizeid,usernumber,awardID values"&CintStrprizeID&",'"&session"FSUserNumber"&"',"&CintStrawardID&"" '获得当前参加人数--------------------------------...

Wind news site management system awardAction. asp page there is a SQL injection-vulnerability warning-the black bar safety net

FoosunCMS is a powerful feature of based on ASP+ACCESS/MSSQL architecture of content management software. In the file\User\award\awardAction. asp: Integral=NoSqlHackrequest. QueryString"Integral" //paragraph 1 Line 4 if action="join" then UserConn. execute"Insert into FSMEUserPrize...

Ya Qi technology program add any administrator 0day-vulnerability warning-the black bar safety net

Site background the lack of verification can be remotely add an administrator user and log in the background Keywords: inurl:ShowInfo. asp? ShowId= Find the website then in the website address added on: admin/UserManage. asp? action=UserAdd Go in to add an administrator, and then use the Add...

Break the ray pool latest patch technology-vulnerability warning-the black bar safety net

Is about 4 months out of the test the following should be friends useful. if it helps you give me a top up Mine pool transfer of use is actually a very early ago, and later out of the patch One day a person asked me a few Station find has hit a patch of mine pools, and later by chance looked at t...

Use google for beginners looking for exercise provided the right opportunity-vulnerability warning-the black bar safety net

Article author: wade821643 Use google for beginners looking for exercise provided the right opportunity Novices generally suffer no webshell, to practice providing the right skills. Online one by one to find the loopholes yourself in the upload webshell, very trouble, in case the sql to a query f...

With a simple asp Trojan back door, to find a asp Backdoor Trojan-exploit-warning-the black bar safety net

I waited for the side dishes yourself not write to asp of the horse, only with prawns to write, but the online streaming of all don't know is the several hand, it is inevitable that some ill-intentioned people will be on the inside plus the back door. Finally get to a shell and be someone stole h...

BlaB! Lite remote file include vulnerability-vulnerability warning-the black bar safety net

Remote file inclusion vulnerability, you can get a website webshell Official address: Download:http://hot-things.net/cs/dndnormal/blab50lite.zip Vulnerability file: blab50lite/register.php Trojan: a http://localhost/blab50lite/register.php?skindir=shell.txt POC: the...

C9 static article publishing system vulnerabilities 0day-vulnerability warning-the black bar safety net

See the one called C9 static article publishing system The program is just not carefully watched. Today download back a see under found problems in the vote there is a flash voting system, flash I don't understand, then grabbed a pack to see found is by add. asp submitted to the vote of the xml...

Quick guestbook v10. 0 9 The official version upload vulnerability and a Cookie spoofing vulnerability-vulnerability warning-the black bar safety net

Upload vulnerability: Loophole Page:/up/add. asp Use method: directly in the guestbook behind a vulnerability page address: for example: http://localhost/up/add.asp, The local structure of x. asp;. jpg picture Trojan, using iis6. 0 parsing vulnerability. Directly upload. Get the webshell, As for...

php168 buy get administrator privileges 0day-vulnerability warning-the black bar safety net

The exploit: the 1. Registered normal user 2. By http://site/buygroup.php?job=buy&gid=3purchase administrator privileges. 3. The background that 2webshell...

The multi-mode Server-bug warning-the black bar safety net

Find the configuration file, read the web site directory under the config. asp config.php conn. asp inc directory find a high-privilege account and password For example: the root password SA password. // CH the following variables, according to the space provided of the account parameters to...

php168 get the administrator 0day-vulnerability warning-the black bar safety net

Due to php168 program to the user group permission to buy the improper handling, so that ordinary users have to purchase the administrator permissions, so as to obtain administrative privileges. The exploit: the 1. Registered normal user 2. By...

A permanent network of personal music box LajoxBox v1. 1 latest upload exploit-vulnerability warning-the black bar safety net

Vulnerability description: 1. The default database download 2. Background verification is not strictly, there upload vulnerability that can be submitted to the asa horse The exploit: the 1. Download default database data/music. asa, will bereplaced with%2 3 to download. 2. http://www. hackqing...

The modified mdb to asp the consequences-vulnerability warning-the black bar safety net

by:SuperHei·Lilo May be with the network security technology development., the administrator of the qualities are on the increase, when using access+asp system, not the database being downloaded to the mdb to asp or asa. The first does not say directly change the suffix, you can directly use the...