Z-Blog 1.5.1.1740 - Full Path Disclosure

Z-Blog 1.5.1.1740 - Full Path Disclosure Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE :...

Z-Blog 1.5.1.1740 Full Path Disclosure

Exploit Title: Z-Blog 1.5.1.1740 Web Site physical path leakage Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7737 This is a WebSite physical path...

Z-Blog 1.5.1.1740 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Exploit Author: zzw email protected Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS...

Z-Blog 1.5.1.1740 Cross Site Scripting

Exploit Title: Z-Blog 1.5.1.1740 XSS Vulnerability Date: 2018-04-03 Exploit Author: zzw [email protected] Vendor Homepage: https://www.zblogcn.com/ Software Link: https://github.com/zblogcn/zblogphp Version: 1.5.1.1740 CVE : CVE-2018-7736 This is a XSS vulnerability than can attack the users. poc:...

Z-BLOG Blind-XXE造成任意文件读取

No description provided by source...

Z-BLOG Blind-XXE result in arbitrary file read vulnerability warning-the black bar safety net

Download the latest version of Z-Blog: http://bbs.zblogcn.com/thread-88670-1-1.html /zbsystem/xml-rpc/index.php 6 4 1 row: $zbp-Load; AddFilterPlugin'FilterPluginZbpShowError','RespondError'; $xmlstring = filegetcontents 'php://input' ; //Logs$xmlstring; $xml = simplexmlloadstring$xmlstring; The...

Z-blog at the front Desk without signing in contains a vulnerability a gold-bug warning-the black bar safety net

http://www.zblogcn.com/zblogphp/ download The problem occurs in zbinstall/index. php I also notice a bit after the installation is complete is to write what's prompt The results of the installation Create the database! zblog Connect to the database and create a data table! Create and insert data...

Z-Blog的php版官方blog存在sql注入（仅仅官方）

简要描述： 操蛋捏 详细说明： 注入地址http://app.rainbowsoft.org/?zba=220 呵呵，好久没法洞了， 漏洞证明：...

Z-Blog旗下DBS主机漏洞可获得客户域名账号密码

简要描述： Z-Blog旗下DBS主机漏洞存在严重的注入漏洞。客户得到所有的域名账号、密码。 详细说明： 1、用的华众的系统，直接看图，查询代码是这样写的。 2、嘎嘎，注册个会员【te】搞定。决定是超另类的注入。登陆后，点击域名管理： 查询语句就变成了 ufatstr like '%,te,%' 漏洞证明：...

Z-Blog is a PHP version of the three low-permission to admin POST injection-vulnerability warning-the black bar safety net

Brief description: Register a reviewer account will be able to note to the administrator Detailed description: Wood have found you accept the POST variables of the function in which 所以 认为 问题 出 在 /zbsystem/function/lib/dbsql.php public function ParseWhere$where global $zbp; $sqlw=null; if!...

Z-Blog的PHP版前台存储型XSS漏洞一

简要描述： 看到你们内测的消息我就屁颠屁颠地跑过来了，花了两个通宵看代码发现几处漏洞.. 这里先绕过了你们XSS过滤脚本.. 详细说明： 问题出在 /zbsystem/function/csystemcommon.php function TransferHTML$source,$para ifstrpos$para, 'nohtml'!==false $source=pregreplace"//si","",$source; ifstrpos$para, 'noscript'!==false $source=pregreplace"/.?/si","",$source;...

Z-Blog PHP版之三低权限管理员POST注入

简要描述： 注册个评论者账号就能注到管理员 详细说明： 木有找到你们接受POST变量的函数在哪，所以认为问题出在/zbsystem/function/lib/dbsql.php public function ParseWhere$where global $zbp; $sqlw=null; if!empty$where $sqlw .= ' WHERE '; $comma = ''; foreach$where as $k = $w $eq=$w0; if$eq=='='|$eq==''|$eq=='LIKE'|$eq==''|$eq=='!=' $x = string$w1; $y ...

Z-Blog的php版前台正则SQL盲注漏洞

简要描述： 第二发...另外有点疑惑想问下你们的开发 详细说明： 问题出在 /zbsystem/function/csystemcommon.php function GetVars$name,$type='REQUEST' if $type=='ENV' $array=&$ENV; if $type=='GET' $array=&$GET; if $type=='POST' $array=&$POST; if $type=='COOKIE' $array=&$COOKIE; if $type=='REQUEST' $array=&$REQUEST; if $type=='SERVER'...

Z-blog程序存在反射性XSS漏洞,影响1.8版本~

简要描述： 貌似听朋友说,剑心蝈蝈看到小厂商的XSS是审核不过的,所以我尴尬了,今天研究博客的时候无意发现了Z-blog博客存在的一个小XSS,在引用地址这里,试了试可以! 详细说明： 官方试了一下,可以弹, http://download.rainbowsoft.org/cmd.asp?act=gettburl&id=104%22%3E%3Cimg%20src=1%20onerror=alert1;%3E 然后GG一下 inurl:cmd.asp?act=gettburl&id= 先拿俩试试吧...

z-blog 1.8 wap pages cell phone search at the SQL injection vulnerability and fix-vulnerability warning-the black bar safety net

具体 页面 请 查看 http://bbs.rainbowsoft.org/thread-65778-1-1.html 2 0 1 2 年 1 月 9 日 to update the record Important update 1, repair cell phone search atSQL injectionvulnerabilities, to give us the security risks are very sorry. Please update the compressed package of the FUNCTION/csystemwap. asp file...

z-blog 1.8 c-error.asp 跨站脚本漏洞

No description provided by source...

Z-BLOG XSS Vulnerabilities-vulnerability warning-the black bar safety net

Vulnerability description: Z-BLOG backend login error message display file cerror. asp, although the jump of the URL-parameter sourceurl encoded, but does not determine the link header, the implementation of the javascript pseudo-Protocol, resulting in cross-site scripting vulnerability...

Z-Blog 1.8 Arwen Build 81206 catalog.asp 存在跨站漏洞

Z-Blog是一个asp的博客系统。 catalog.asp，对参数tags过滤不严，存在跨站漏洞。 Z-Blog 1.8 Arwen Build 81206 暂无 等待官方补丁。 http://www.rainbowsoft.org/ http://blog.rainbowsoft.org/catalog.asp?tags=Z-Blog"/titlescriptalert'sebug'/script...

Z-BLOG V1.8 c_error.asp跨站漏洞

Z-BLOG后台登陆错误信息显示文件cerror.asp，虽然对跳转URL的参数sourceurl进行了编码，但没有判断链接头部，执行了javascript伪协议，造成跨站脚本漏洞。 Z-BLOG V1.8 暂无 等待官方补丁 www.rainbowsoft.org http://www.target.com/function/cerror.asp?errorid=7&number=0&description=&source=&sourceurl=javascript:alertdocument.cookie...

Z-Blog infinite loop vulnerability attack caused by blog with frequent pop-vulnerability warning-the black bar safety net

Writing a blog is now a lot of people part of every day life, many users like to record diary-like intentions in a blog to record their life and thoughts, but the blog as a personal Journal seems to be on the safe side by a lot of users ignore, personal blog security really can be ignored? A lot ...