shopEX商城后台，模板过滤不严，可成功上传木马

简要描述： shopx系列产品，可能是编程习惯问题，对上传的模板包，过滤不严，导致上传攻击文件，如果权限设置比较严，可能会失效，但是危害还是非常大的。形成这个漏洞的原因，可能是程序员的编程习惯造成的。本来想握在手里的，但是发现新的缺陷，会有更大的乐趣，就把这个缺陷扔给官方吧，希望后续修复，如果PR给的高，后续把其他2个安全缺陷也扔出来！ 详细说明：...

shopex官网存在字符过滤漏洞

简要描述： shopex官网存在字符过滤漏洞，该漏洞可以任意更改shopex网用户密码，此前更是一度拿下官方网站的webshell，这个问题已经存在2年多了，现在放出了，SHOPEX团队应该是PHP精英吧，还出现这样低级的错误，真是不应该，该检讨了，咳咳！ 详细说明： SHOPEX官网在注册用户时，对用户名没有做过滤，导致官网论坛用户重叠不知道这样描述对不，意思就是注册用户名和论坛用户本来是2个，但是共享cookie后，论坛那边对用户名过滤后，就变成一个用户了 具体请看：...

HDWiKi V 4.0.3 及 HDWiKi V5.1 后台上SHELL

简要描述： 前几天刚爆了5.1的注入漏洞,在对一个站检测时，发现对方使用的是HDWiKi V 4.0.3版，网上关于模板写马的，好像在这个版本用不了，研究了下，就发现了这个上传WEBshell的方法！ 详细说明： HDWiKi V 4.0.3 在在线安装插件时，没有对压缩包的文件里面的文件做检测，可以先将马放在压缩包里面，再在线安装！ 如图： 安装好后，马马就在plugins下面对应的插件目录里面，具体如何找，你懂的！ HDWiki V5.1 的就简单了，模块下面有个文件管理！直接可以上传的！ 找回密码链接，可以预测： 这个有点难度，主要有2点： 1，要知道被破账号的邮件地址； 2,要抓...

F5 FirePass SSL VPN 6.x / 7.x SQL Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Unauthenticated remote root through SQL injection product: F5 FirePass SSL VPN vulnerable version: 6.0.0 - 6.1.0, 7.0.0 fixed version: 6.1.0 HF-377712-1 / 7.0.0 HF-377712...

. the svn directory does not have permissions to restrict the use of loopholes in the summary(including the repair program)-vulnerability warning-the black bar safety net

The existing site use. svn to do a production environment version control, however. the svn directory does not have to do the access restrictions, you can through the. svn/entries to traverse the file and directory list. In order to save energy, I wrote a php scripthttp://rains.im/?q=node/18to do...

KingCMS ASP 5.0/5.1 vulnerability-vulnerability warning-the black bar safety net

KingCMS ASP is based on ASP+ACCESS framework of a very good CMS system, the reception is all static processing, the new generation of KingCMS provides a better interface, more development leeway, more powerful expansion capability, and now also by many webmasters welcome. But in the absence of th...

RazorCMS 1.2.1 STABLE - Arbitrary File Upload

RazorCMS 1.2.1 STABLE - Arbitrary File Upload Exploit Title: RazorCMS /datastore/webshell.php...

RazorCMS 1.2.1 STABLE Shell Upload

Exploit Title: RazorCMS /datastore/webshell.php...

RazorCMS <= 1.2.1 STABLE File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: RazorCMS /datastore/webshell.php 0day.today 2018-02-17...

WordPress EditorMonkey (FCKeditor)remote file upload vulnerability-vulnerability warning-the black bar safety net

EditorMonkey is WordPress in a plugin,EditorMonkey in the FCKeditor editor is the presence of a remote file upload vulnerability can lead an attacker directly exploit the vulnerability to obtain the webshell on. +info: WordPress EditorMonkey FCKeditor Remote File Upload Author : kaMtiEz...

RazorCMS 1.2.1 STABLE - Arbitrary File Upload

Exploit Title: RazorCMS /datastore/webshell.php...

PHP Webbots Technic via File Include & Webshell VD

Document Title: =============== PHP Webbots Technic via File Include & Webshell VD References: =========== Download: http://www.vulnerability-lab.com/resources/videos/445.wmv View: http://www.youtube.com/watch?v=pwkUVZPxEmQ Release Date: ============= 2012-02-18 Vulnerability Laboratory ID VL-ID:...

PHP Webbots Technic via File Include & Webshell VD

Document Title: =============== PHP Webbots Technic via File Include & Webshell VD References: =========== Download: http://www.vulnerability-lab.com/resources/videos/445.wmv View: http://www.youtube.com/watch?v=pwkUVZPxEmQ Release Date: ============= 2012-02-18 Vulnerability Laboratory ID VL-ID:...

aspcms background files without authentication injection+ cookie spoofing-vulnerability warning-the black bar safety net

Brief Description: The background file AspCmsAboutEdit. asp not validated and unfiltered, resulting inSQL injection. And pure in cookies cheat! Detailed description:-------- background injection-------- http://www.2cto.com /admin/content/About/AspCmsAboutEdit. asp? id=1%20and%2 0...

PHP local file inclusion(LFI)exploit-vulnerability warning-the black bar safety net

This study main references are: http://downloads.ackack.net/LocalFileInclusion.pdf Experimental code: If you are on linux, be submitted directly to: test. php? for=/etc/passwd%0 0 to display the file. ? php include$GET'for'.‘. php’;//for testing local include vulnerability ?& gt; If it is on win,...

aspcms 后台文件无验证注入+ cookies欺骗

简要描述： 后台文件 AspCmsAboutEdit.asp 未进行验证，且未过滤，导致SQL注入。而且纯在cookies欺骗！ 详细说明： ————————后台注射————————...

Kingdee Apusic Web framework for the backend to get the site webshell and repair-vulnerability warning-the black bar safety net

Apusic Web Management Console Default background address: admin/login. jsp The default management account password: admin admin Use method: the background has to execute SQL statements, also have to load anything. Specific words have forgotten Find Upload, a loaded God horse, just look to...

SAPID 1.2.3 Stable - Remote File Inclusion

SAPID 1.2.3 Stable - Remote File Inclusion Exploit Title: SAPID Stable RFI Google Dork: tanyakan pada dan pemula :D Date: January 08 2011 Author: Opa Yong Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/ Version: SAPID 1.2.3 Stable Tested on: Windows XP Home Edition SP2 @POC:...

SAPID 1.2.3 Stable - Remote File Inclusion

Exploit Title: SAPID Stable RFI Google Dork: tanyakan pada dan pemula :D Date: January 08 2011 Author: Opa Yong Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/ Version: SAPID 1.2.3 Stable Tested on: Windows XP Home Edition SP2 @POC:...

SAPID 1.2.3 Remote File Inclusion

Exploit Title: SAPID Stable RFI Google Dork: tanyakan pada dan pemula :D Date: January 08 2011 Author: Opa Yong Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/ Version: SAPID 1.2.3 Stable Tested on: Windows XP Home Edition SP2 @POC:...