2122 matches found
Under Linux mysql 5.x to give the root password after another kind of use-vulnerability warning-the black bar safety net
Under Linux mysql 5.x to give the root password after further use a 2007 year 10 June 19, Friday 06:46 mysql5.x for linux here's a function that can help us to do many things, this function is 4.x the following seemingly didn't, the original has not been found, but also did not go to the...
DZ! sodb-2008-13 EXP published-vulnerability warning-the black bar safety net
!/ usr/bin/php ? php / Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com Notes the value of the variable, add your own modifications / $host = 'www.80vul.com'; // Server domain or IP $path = '/discuz/'; // Where the program path $key = 0; // The above variable is edited, make will the value...
Discuz! 6.x/7.x - Remote Code Execution
Discuz! 6.x/7.x - Remote Code Execution !/usr/bin/php ?php / Discuz! 6.x/7.x SODB-2008-13 Exp By www.80vul.com Please modify the values of the commented variables in this file yourself / $host = 'www.80vul.com'; // Server domain name or IP $path = '/discuz/'; // Path where the program is located $key = 0; //...
Discuz! 6.x/7.x Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================= Discuz! 6.x/7.x Remote Code Execution Exploit ============================================= !/usr/bin/php ?php / Discuz! 6.x/7.x SODB-2008-13 Exp / $host = 'www.80vul.com'; // ??????IP $path =...
WebLogic simple catch the chicken law-vulnerability and early warning-the black bar safety net
This article has been published in the hacker X-Files for 2008 year 11 issue of the magazine on After the author published on the blog, such as reproduced please retain this information! Tomcat is estimated to many people to bring a N meaty chicken server, directly scan weak passwords, into t...
XPSHOP Shopping Mall system Cookies spoofing vulnerability-vulnerability warning-the black bar safety net
Article author: 121711090 Information source: Evil Octal Information Security Team (www.eviloctal.com) Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator...
XPSHOP Shopping Mall system vulnerabilities-vulnerability warning-the black bar safety net
XPSHOP Shopping Mall system vulnerabilities Accidentally found this loophole..official now also don't know...I'm not elsewhere in the published Oh.. This vulnerability is bad...to the straight pull change people the administrator password!! A little bit wicked!!!... But for the sake of our networ...
Discuz! admin\runwizard.inc.php get-webshell bug
Because the file-write operation in saverunwizardhistory in Discuz!'s admin\runwizard.inc.php is unrestricted, it leads to a code execution vulnerability. Code in the file admin\runwizard.inc.php: $runwizardhistory = array; $runwizardfile = DISCUZROOT.'./forumdata/logs/runwizardlog.php'; if$fp = @fopen$runwizardfile, 'r' $runwizardhistory = @unserializefread$fp, 99999; fclose$fp;...
PHP168 whole Station system of 0DAY-vulnerability warning-the black bar safety net
The first description under this hole is in the other places to see, just he did not say very clearly, a lot of the vegetable dishes are Do not understand, I take it I first posted it in! This hole is actually the use of the program coding vulnerabilities, download the configuration and the login...
Webshell under to crack computer administrator password-vulnerability warning-the black bar safety net
Information source: Evil Octal Information Security Team (www.eviloctal.com) This idea derived from previous studies runas command when inspired. Method of use: 1, The your password dictionary was renamed into the psw.txt, upload to the target server is an executable, writable directory. It is...
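潇湘在线 (Xiaoxiang Online) Public Diary V1.0 & V2.0: database path disclosure vulnerability
For example, given http://www.target.com/diary/default.asp, if we submit http://www.target.com/diary%5cdefault.asp we can see the physical path of the database! However, the admin password is not stored in the database, so this vulnerability is basically of little use; but when someone has changed the database to a file with an ASP or ASA extension, a WEBSHELL can be written. Versions V1.0 & V2.0. Add error-handling code to the database connection file. ...
自由动力 (My Power) 3.6 sp2 injection vulnerability
Details: several files in My Power 3.6 sp2 filter input insufficiently and have injection vulnerabilities. The following files are all at risk of injection: ArticleClass.ASP PhotoClass.asp SoftClass.asp UserInfo.ASP. 3.6 sp2 / free versions below Easypower4.0. Download the latest official patch, http://www.asp163.net. Easy injection using a cracked copy of NBSI: http://www.target.com/UserInfo.asp?UserID=1 Note: entering id as the signature string is enough to crack it. For the other files, the key is finding the signature string, after which injection is possible....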
The latest Discuz! NT2.5 vulnerability to report! - Vulnerability warning-the black bar safety net
Title: the latest Discuz! NT2.5 vulnerability to report! Author: hackest H. S. T. This article has been published in the hacker X-Files for 2008 P 10 issue of the magazine on After the author published on the blog, such as reproduced please retain this information! Summer, passion in August,...
CVE-2008-4447
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo...
CVE-2008-4448
Cross-site request forgery (CSRF) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to perform unauthorized actions as an administrator, including file deletion and creation, via a link or IMG tag to the (1) overkill, (2) futils, or (3) edit actions...
Cross site scripting
Cross-site scripting (XSS) vulnerability in actions.php in Positive Software H-Sphere WebShell 4.3.10 allows remote attackers to inject arbitrary web script or HTML via (1) the fn parameter during a dload action, (2) the mask parameter during a search action, and (3) the tab parameter during a sysinfo...
CVE-2008-4448
CVE-2008-4448 describes a CSRF vulnerability in actions.php of Positive Software H-Sphere WebShell 4.3.10. An attacker can induce an admin to perform unauthorized actions by visiting a crafted link or IMG tag targeting (1) overkill, (2) futils, or (3) edit actions, effectively enabling file delet...
CVE-2008-4447
CVE-2008-4447 is a documented XSS vulnerability in Positive Software H-Sphere WebShell 4.3.10, exploitable via (1) fn in dload, (2) mask in search, or (3) tab in sysinfo within actions.php. The connected sources confirm the affected product/version and the vulnerable parameters, establishing a cr...
H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities
H-Sphere WebShell 4.3.10 - actions.php Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/31524/info H-Sphere WebShell is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may...