2126 matches found
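phpmyadmin4.8.1 backend getshell
The latest version downloaded from the official site; the file name is phpMyAdmin-4.8.1-all-languages.zip. The problem appears in /index.php. Find lines 5563. Line 61 contains include $REQUEST'target'; this is clearly a precursor to LFI, and we only need to bypass the restrictions at 5559. Line 57 requires that the target parameter not start with index. Line 58 requires that the target parameter not appear in $targetblacklist. Find the definition of $targetblacklist: it is at line 50 of /index.php. As long as the target parameter is not import.php or export.php...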
Prowli Malware Targeting Servers, Routers, and IoT Devices
After the discovery of massive VPNFilter malware botnet, security researchers have now uncovered another giant botnet that has already compromised more than 40,000 servers, modems and internet-connected devices belonging to a wide number of organizations across the world. Dubbed Operation Prowli,...
Code Execution Vulnerability in UQCMS B2B2C Multi-merchant E-commerce System Backend Templates
B2B2C multi-merchant e-commerce system is combined with years of e-commerce development experience to launch the B2B2C multi-store system. There is a code execution vulnerability in the backend template of UQCMS B2B2C Multi-merchant E-commerce System. Attackers can use this vulnerability to write...
GreenCMS 2.3.0603 - Cross-Site Request Forgery Remote Code Execution
GreenCMS 2.3.0603 - Cross-Site Request Forgery Remote Code Execution Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.06...
GreenCMS 2.3.0603 - Cross-Site Request Forgery / Remote Code Execution Vulnerabilities
Exploit for php platform in category web applications Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue...
GreenCMS 2.3.0603 Cross Site Request Forgery
Exploit 1 of 2: Exploit Title: GreenCMS v2.3.0603 CSRF vulnerability get webshell Date: 2018-06-02 Exploit Author: xichao Vendor Homepage: https://github.com/GreenCMS/GreenCMS Software Link: https://github.com/GreenCMS/GreenCMS Version: v2.3.0603 CVE : CVE-2018-11670 An issue was discovered in...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass Vulnerabilities
Exploit for php platform in category web applications Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google...
MachForm < 4.2.3 - SQL Injection / Path Traversal / Upload Bypass
Vendor: Appnitro Product webpage: https://www.machform.com/ Full-Disclose: https://metalamin.github.io/MachForm-not-0-day-EN/ Fix: https://www.machform.com/blog-machform-423-security-release/ Author: Amine Taouirsa Twitter: @metalamin Google dork examples: ---------------------- "machform"...
Monxin Netcom Mall System v4.0 Exists Arbitrary File Upload Vulnerability
Monxin all-network mall system is a mall management system based on PC mall + cell phone mall + WeChat mall + offline cashier, with members / orders / commodities / inventory synchronized online and offline in real time across the network. Monxin v4.0 has an arbitrary file upload...
Monstra CMS 3.0.4 Remote Code Execution
Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Date: 2018-05-14 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested on: MAC OSX CVE :CVE-2018-9037 Monst...
Code Execution Vulnerability in Microcms (viicms) v1.0
VIICMS is a third-party platform that specializes in providing marketing and promotion services for WeChat public accounts. A code execution vulnerability exists in micro cms viicms v1.0. The vulnerability stems from the program failing to effectively filter the parameter array when changing the...
Monstra CMS 3.0.4 - Remote Code Execution Vulnerability
Exploit for php platform in category web applications Exploit Title: Monstra CMS 3.0.4 Upload Plugin Remote code execution CVE-2018-9037 Exploit Author: Jameel Nabbo Vendor Homepage: https://github.com/monstra-cms/monstra Software Link: https://github.com/monstra-cms/monstra Version: 3.0.4 Tested...
Code Execution Vulnerability in Micro Window CMS (Vwins) v3.0
Micro Window CMS Vwins is a free and open source microsoft public and paypal service window management platform system. A code execution vulnerability exists in version v3.0 of Vwins CMS Vwins. The vulnerability stems from improper filtering of incoming parameters when modifying the configuration...
UCMS 1.4.5 File Upload Vulnerability
UCMS is a simple open source content management system. A file upload vulnerability exists in UCMS 1.4.5. An attacker can exploit the vulnerability to directly upload a script Trojan file to obtain a webshell...
WordPress has an arbitrary file upload vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed using the PHP language, which supports personal blog sites on servers with PHP and MySQL. WordPress has an arbitrary file upload vulnerability. The vulnerability arises because the system does not filter the content of t...
Arbitrary file editing vulnerability in niubicms v1.8
Cow CMS is a free version of the local portal PHP source code system. Includes: news, real estate, talent, automotive, local business station three-level domain name station, merchant business cards and other functions. niubicms v1.8 has an arbitrary file editing vulnerabilit...
Renaming Vulnerability in DedeCMS v5.7 SP2 Version
Shanghai Zhuozhuo Network Technology Co., Ltd Desdev Inc, is a professional web content management solutions provider, its products - Dream Content Management System DedeCms is one of the most used CMS in China. A renaming vulnerability exists in DedeCMS V5.7 SP2, which allows an attacker to obta...
Code execution vulnerability in ThinkerCMS v1.4 version
ThinkerCMS is a content management system based on the development of thinkphp3.2, which is characterized by its compactness and delicacy, and can be quickly developed twice. A code execution vulnerability exists in ThinkerCMS v1.4, as the program does not filter webpage Trojan features, attacker...
Arbitrary file copying vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. is committed to the development of mobile Internet and enterprise website, e-commerce website. An arbitrary file copying vulnerability exists in CoverCMS v1.1.7, because the file name to be copied and the file name to be saved are...
Arbitrary File Write Vulnerability in CoverCMS v1.1.7
Shanghai Raging Wolf Network Technology Co., Ltd. is committed to the development of mobile Internet and enterprise website, e-commerce website. An arbitrary file writing vulnerability exists in CoverCMS v1.1.7, because the product has not filtered the file name and content of the file to be written,...