18 matches found

CNVD
added 2020/06/18 12:0 a.m., 1 view

Logic Flaw Vulnerability in YidaCMS Website Management System

YidaCMS website management system is a simple, practical and efficient website builder. A logic flaw vulnerability exists in the YidaCMS website management system. An attacker can exploit the vulnerability to log into any user's account...

6.8 AI score
Exploits: 0
CNVD
added 2020/04/20 12:0 a.m., 1 view

File Renaming Vulnerability in the Backend of the YidaCMS Yida Building System (CNVD-2020-27481)

YidaCMS website management system is a simple, practical and efficient website builder. A file renaming vulnerability exists in the backend of the YidaCMS website builder system; an attacker can exploit the vulnerability to obtain control of the server...

6.9 AI score
Exploits: 0
CNVD
added 2020/04/20 12:0 a.m., 1 view

File Renaming Vulnerability in YidaCMS Website Management System Backend

YidaCMS website management system is a simple, practical and efficient website builder. A file renaming vulnerability exists in the backend of the YidaCMS website management system, which can be exploited by an attacker to gain control of the web server...

7.1 AI score
Exploits: 0
CNVD
added 2018/01/30 12:0 a.m., 2 views

Arbitrary File Creation Vulnerability in YidaCMS Web Management System JS1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. An arbitrary file creation vulnerability exists in version JS1.8.0 of the YidaCMS website management system. By creating a parsable script file, then editing and saving it, an attacker can have Trojan code injected into th...

7.2 AI score
Exploits: 0
CNVD
added 2018/01/30 12:0 a.m., 1 view

Renaming Vulnerability in YidaCMS Web Management System JS 1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. A renaming vulnerability exists in version JS1.8.0 of the YidaCMS website management system, which allows an attacker to upload an image Trojan using the kingeditor editor employed by the website and rename th...

7 AI score
Exploits: 0
CNVD
added 2018/01/29 12:0 a.m., 2 views

Arbitrary File Read Vulnerability in YidaCMS Web Management System JS1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. An arbitrary file read vulnerability exists in version JS1.8.0 of the YidaCMS website management system; attackers can use the vulnerability to obtain the website source code information...

7.2 AI score
Exploits: 0
CNVD
added 2018/01/29 12:0 a.m., 1 view

Code Execution Vulnerability in YidaCMS Web Management System JS1.8.0 Version

YidaCMS website management system is a simple, practical and efficient website builder. A code execution vulnerability exists in version JS1.8.0 of the YidaCMS website management system, which allows an attacker to obtain a website webshell by editing any parsable script file within the website a...

7.5 AI score
Exploits: 0
CNVD
added 2018/01/29 12:0 a.m., 2 views

Arbitrary File Deletion Vulnerability in YidaCMS Web Management System Version JS1.8.0

YidaCMS website management system is a simple, practical and efficient website builder. An arbitrary file deletion vulnerability exists in version JS1.8.0 of the YidaCMS website management system; an attacker can exploit the vulnerability to delete any file on the website...

7 AI score
Exploits: 0
CNVD
added 2017/09/17 12:0 a.m., 1 view

Reflected Cross-Site Scripting Vulnerability in YiDaCMS Yidacms.html.asp Page

YidaCMS website management system is a simple, practical and efficient website builder. A reflected cross-site scripting vulnerability exists in the YiDaCMS Yidacms.html.asp page. An attacker can construct an XSS statement and perform a pop-up box operation to obtain user cookies and other...

5.8 AI score
Exploits: 0
CNVD
added 2017/07/12 12:0 a.m., 1 view

Yidacms has a directory traversal vulnerability

YidaCMS website management system is a simple, practical and efficient website builder. Yidacms has a directory traversal vulnerability, which can be exploited by an attacker via the directory traversal character '../' to retrieve arbitrary files and obtain sensitive...

7 AI score
Exploits: 0
seebug.org
added 2016/01/15 12:0 a.m., 21 views

YiDacms X3.2: SQL injection at /Yidacms/buy_settlement.asp allows arbitrary account-balance inflation

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/12/01 12:0 a.m., 17 views

Yidacms v3.2 /Yidacms/user/user.asp remote password change vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
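seebug.org
added 2014/12/01 12:0 a.m., 25 views

Yidacms v3.2 /Yidacms/user/user.asp information disclosure vulnerability

Vulnerability-related file: /Yidacms/admin/adminsyscome.asp <%@language="vbscript" codepage="65001"%> <% '※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※ '※ ※ '※ Yida CMS enterprise website building system, Yida WAP mobile website building system ※ '※ Software developed by Harbin Weicheng Technology Co., Ltd. ※ '※ Copyright registration number: 2012SR001955 URL: http://yidacms.com ※ '※ The software is copyrighted; removing the copyright notice or selling the source code without the company's consent is prohibited. ※ '※ ※ '※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※※ option...

7.1 AI score
Exploits: 0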
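seebug.org
added 2014/08/27 12:0 a.m., 16 views

YiDacms latest version: resetting arbitrary user accounts (part two) and other unauthorized operations

Brief description: The latest version of YiDacms allows resetting arbitrary user accounts, as well as other unauthorized operations. Details: Yida CMS enterprise website building system. The current latest version is YidaCms X3.2 (20140718). A vulnerability for resetting any user's password was posted previously, but it could only change the password to a fixed value; changing it to an arbitrary password was rather cumbersome, since it required taking the MD5 of the plaintext password and then 10 characters of it as the password value. Here we enter any plaintext password directly and the change goes through. Let's look at the source code: file /Yidacms/user/user.asp if request("yidacms")="password" Then set rs=server.createobject("adodb.recordset") useri...

7 AI score
Exploits: 0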
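seebug.org
added 2014/08/27 12:0 a.m., 25 views

YiDacms latest version: a bundle of vulnerabilities

Brief description: A bundle of vulnerabilities in the latest version of YiDacms. Details: Yida CMS enterprise website building system. The current latest version is YidaCms X3.2 (20140718). Here we mainly look at the more serious vulnerabilities in the backend. We won't say much about XSS and SQL injection; many of the SQL statements in the backend do not use the global filter, which leads to SQL injection. First, let's look at the first directory traversal, arbitrary file read, getting a shell: file /Yidacms/admin/adminfso.asp: ElseIf action = "Edit" then 'read the file Dim FileAll FilePath = Trim(Request.Form("ThisDir")) FileName =...

7 AI score
Exploits: 0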
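seebug.org
added 2014/08/26 12:0 a.m., 102 views

YiDacms latest version: two SQL injection vulnerabilities

Brief description: Two SQL injection vulnerabilities in the latest version of YiDacms. Details: Yida CMS enterprise website building system. The current latest version is YidaCms X3.2 (20140718). File /Yidacms/user/usermessage.asp. First SQL injection: None. In the update, shuaiwebuserzhuangtai and shuaiwebuseradmin do not use the global filter function filterStr, which leads to SQL injection. Proof of vulnerability: Proof of the first SQL injection: here we print the SQL statement. The user exists, and the email is displayed in the recipient account field. The user does not exist, and the message cannot be sent...

7.1 AI score
Exploits: 0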
seebug.org
added 2014/07/04 12:0 a.m., 19 views

YidaCms_X3.2: logic error causes unauthorized access, admin password can be changed

Brief description: Because of a logic error in the code, a crafted statement can bypass the check and directly change the administrator password. Details: In the latest version 3.2, admin\CheckAdmin.asp username = request.Cookies("username") password = request.Cookies("password") cookiesmd5 = request.Cookies("cookiesmd5") dim adminname,adminpass,adminqx,adminaqx set rs = server.createobject("adodb.recordset") sql="select * from...

7.1 AI score
Exploits: 0
seebug.org
added 2014/06/09 12:0 a.m., 24 views

YiDaCms v3.2 SQL injection + logic error

Brief description: as per the title. Details: admin\CheckAdmin.asp username = request.Cookies("username") password = request.Cookies("password") cookiesmd5 = request.Cookies("cookiesmd5") dim adminname,adminpass,adminqx,adminaqx set rs = server.createobject("adodb.recordset") sql="select * from shuaiwebvipadministrator where...

7.1 AI score
Exploits: 0