Lucene search
K
SeebugRecent

56796 matches found

seebug.org
seebug.org
added 2014/08/04 12:0 a.m.34 views

Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability

No description provided by source. Document Title: =============== Photo WiFi Transfer 1.01 - Directory Traversal Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1285 Release Date: ============= 2014-07-31 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.18 views

Ecmall 2.3.0 /member.app.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.24 views

Tccms sql注入获得管理账号密码

简要描述: 直接看到/app/model/attackAction.class.php这个文件 public function initLogHacker /get/ foreach$GET as $key=$value if !inarray$key, array'ac','a','c','do'//防止控制器和方法命名不规范被过滤 $this-StopAttack$key,$value,"get",$this-getfilter; $GET$key = StringUtil::safereplace$value; $GET$key =...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.18 views

SkaDate Lite 2.0 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/env python SkaDate Lite 2.0 Remote Code Execution Exploit Vendor: Skalfa LLC Product web page: http://lite.skadate.com | http://www.skalfa.com Affected version: 2.0 build 7651 Platform version: 1.7.0 build 7906 Summary: SkaDate Lite is a new platform...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.46 views

Sphider Search Engine - Multiple Vulnerabilities

No description provided by source. Exploit Title: Sphider Search Engine - Multiple Vulnerabilities Google Dork: ext:php intext:sphider inurl:search.php Date: 6/20/2014 Exploit Author: Shayan Sadigh twitter.com/r1pplex | [email protected] Vendor Homepage: http://www.sphider.eu/ Version:...

7.5CVSS9AI score0.10451EPSS
Exploits12
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.27 views

TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities

No description provided by source. Document Title: =============== TigerCom iFolder+ v1.2 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1284 Release Date: ============= 2014-07-30 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.23 views

phpyun v3.1.0604 /index.class.php 本地文件包含漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.38 views

Dlink DWR-113 Rev. Ax - CSRF Denial of Service

No description provided by source. Exploit Title: Dlink DWR-113 Rev. Ax - CSRF causing Denial of Service Google dork : N/A Exploit Author: Blessen Thomas Date : 29/07/14 Vendor Homepage : http://www.dlink.com/ Software Link : N/A Firmware version: v2.02 2013-03-13 Tested on : Windows 7 CVE :...

5CVSS8.7AI score0.02889EPSS
Exploits5
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.28 views

D-Link AP 3200 Multiple Vulnerabilities

No description provided by source. Exploit Title: D-Link AP 3200 Multiple Vulnerabilities Date: 29/07/2014 Exploit Author: pws Vendor Homepage: http://www.dlink.com/ Firmware Link: http://ftp.dlink.ru/pub/Wireless/DWL-3200AP/Firmware/ Tested on: Latest version Shodan d0rk: "Server:...

6.7AI score
Exploits0
seebug.org
seebug.org
added 2014/08/04 12:0 a.m.29 views

逐浪cms sql注入漏洞2

简要描述: rt. 详细说明: 在线聊天功能都有,你敢信. 会员中心.在线聊天查找好友:http:demo.zoomla.cn/user/usertalk/SelectFrient.aspx,按昵称查找,注入点. user/usertalk/SelectFrient.aspx AppWebekn5n2xj.UserUsertalkSelectFrient button1Click cll = this.bu.GetuserTbUserBaseDataConverter.CLngthis.SelectID.Text; 按照ID查找处经过处理 cll =...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/08/03 12:0 a.m.28 views

CmsEasy最新版5.5_UTF-8_20140802两处SQL注入(指哪补哪的后果)

简要描述: CmsEasy官方8.2号,更新了CmsEasy5.5UTF-820140802.rar 并且发布了补丁CmsEasyforUploads20140802.rar 然后,下载了个最新的包,看了下,发现一处问题 这个问题打过补丁了,但是还是能从其他地方进行注入 详细说明: 首先来看看unionact.php: function registeraction $r = $this-union-getrowarray'userid'=$this-view-data'userid'; if$r echo 'alert"'.lang'你已经申请,转入联盟页面!'.'"';...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/03 12:0 a.m.89 views

CmsEasy最新版5.5_UTF-8_20140802多处SQL注入

简要描述: CmsEasy官方8.2号,更新了CmsEasy5.5UTF-820140802.rar 并且发布了补丁CmsEasyforUploads20140802.rar 然后,下载了个最新的包,看了下,发现一处问题 这个问题引发多处SQL注入。 另附: 还有一个问题就是可以进行暴力注入,然后进后台拿shell。 详细说明: CmsEasy有一个客服聊天模块celive 这里/celive/live/目录下的四个文件header.php,index.php,mainbox.php,send.php 都存在同样的问题,这里拿header.php举例。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/03 12:0 a.m.14 views

ThinkSAAS重要敏感信息泄漏

简要描述: ==! 详细说明: smtp信息泄漏 https://github.com/thinksaas/ThinkSAAS/blob/bf7c544f3f04a5f4ef18f831b4f270049bd3d94c/data/mailoptions.php 利用该帐号重置管理([email protected])密码进入管理后台, 密码改为1078700473, 漏洞证明:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/03 12:0 a.m.48 views

大汉JCMS系统SQL注入漏洞

简要描述: 详细说明: 缺陷:module/sitesearch/index.jsp 注入参数columnid 漏洞证明: 案例测试: 测试A: mask 区域 1.http://.. /module/sitesearch/index.jsp?columnid=0,-11,5086,5087,5088,5089,5090,5104,5105,5106,5107,5091,5108,5109,5110,5111,5092,5120,5121,5122,5123,5093,5094,5095,5117,5118,5119,5096,5097,5098,5099,5100 测试B: mask ...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/08/01 12:0 a.m.51 views

Fengcms SQL注入漏洞

简要描述: 官方给的测试站似乎被getshell了,吓坏了呀不是我干的 详细说明: app/controller/messageController.php class messageController extends Controller private $model = "message"; public function index return $this-display"message.html";//,M$this-model-page; public function add return...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.16 views

qibocms多个系统绕过补丁继续注入2

简要描述: 之前发了补丁被绕过了, 现在又发布了补丁。 今天上午的时候看了看补丁。 第一眼觉得很牛逼。 然后觉得这补丁很吊,就放下了。 下午的时候又继续看了看补丁 原来还是可以绕过。 依旧是通杀多个系统。 由于是通用的函数, 所以能造成注入的点不止一处。 用v7整站系统 再随便找一个点来说就行啦。 详细说明: 再来看看一下 qibocms的全局过滤函数 $POST=AddS$POST; $GET=AddS$GET; $COOKIE=AddS$COOKIE; function AddS$array foreach$array as $key=$value if!isarray$value...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.175 views

XTACACSD report() 缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.19 views

Samba 2.2.0 trans2open 缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.32 views

齐博cmsV7整站系统sql注入

简要描述: 应该逻辑有点小错误? 详细说明: http://down.qibosoft.com/down.php?v=v7 刚下载来测试的 发现点问题。 function AddS$array foreach$array as $key=$value if!isarray$value @eregi"'\"&+",$key && die'ERROR KEY!'; $value=strreplace"&x","& x",$value; //过滤一些不安全字符 $value=pregreplace"/eval/i","eva l",$value; //过滤不安全函数...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.9 views

FreeBSD Telnet Service Encryption Key ID 缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.23 views

ProFTPD 1.3.2rc3 - 1.3.3b Telnet IAC 缓冲区溢出漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.24 views

qibocms全部开源系统 Getshell

简要描述: 多研究研究了会 发现可以Getshell。 看了看qibo所有的开源系统 都存在这洞。 无需登录 Getshell。 之前一直在因为不能直接闭合而纠结。 找P神指点了指点 成功搞定。 用整站系统来演示一下把。 P.S. 狗哥 能否送我个邀请码/hx 详细说明: 全局过滤函数 function AddS$array foreach$array as $key=$value if!isarray$value @eregi"'\"&+",$key && die'ERROR KEY!'; $value=strreplace"&x","& x",$value; //过滤一些不安全字符...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.15 views

FreeBSD 9 Address Space Manipulation 权限提升漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/31 12:0 a.m.29 views

discuz 7.2&discuz x<=2 后台注入

简要描述: 第二发 详细说明: 以dz7.2来说,漏洞位于task.php 57行, $query = $db-query"SELECT t., mt.csc, mt.dateline FROM $tablepretasks t LEFT JOIN $tablepremytasks mt ON mt.taskid=t.taskid AND mt.uid='$discuzuid' WHERE $sql AND t.available='2' $newbieadd ORDER BY displayorder, taskid DESC LIMIT $startlimit, $tpp";...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/30 12:0 a.m.15 views

gxcms 1.5 /core/lib/action/home/hitsaction.class.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/30 12:0 a.m.55 views

XDCMS 3.0.1 /system/modules/xdcms_login.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/30 12:0 a.m.27 views

Discuz 7.2 /search.php SQL注入漏洞

在文件/include/searchsort.inc.php150行@includeonce DISCUZROOT.'./forumdata/cache/threadsort'.$selectsortid.'.php'; 这个$selectsortid变量没有做过任何处理,而且最后进入到了170行的SQL语句$query = $db-query"SELECT tid FROM $tablepreoptionvalue$selectsortid ".$sqlsrch ? 'WHERE '.$sqlsrch : ''."";...

7AI score
Exploits0
seebug.org
seebug.org
added 2014/07/30 12:0 a.m.25 views

WiFi HD v7.3.0 iOS - Multiple Vulnerabilities

No description provided by source. Document Title: =============== WiFi HD v7.3.0 iOS - Multiple Web Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1283 Release Date: ============= 2014-07-29 Vulnerability Laboratory ID VL-ID:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/30 12:0 a.m.19 views

U-mail某鸡肋代码注入导致敏感信息泄漏(demo测试成功)

简要描述: RT 详细说明: 漏洞文件:api/api.php:670行 $do = trim $GET'do' ; if functionexists $do $do ; else echo "paramerror"; exit ; 直接来个动态函数,可惜没有参数可控,只能控制$do,所以可以鸡肋的用来读些敏感信息如phpinfo/phpcredits等 漏洞证明: 官网demo: http://mail.comingchina.com/webmail/api/api.php?do=phpinfo...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.18 views

EasyTalk X2.5存储型XSS一枚

简要描述: EasyTalk X2.5存储型XSS一枚 详细说明: 在发起投票时允许添加投票说明 在该处没有进行XSS过滤 漏洞证明: 直接看图说话啦 插入xss后burp抓包修改...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.131 views

WQCMS 6.0 /admin_wqSwfUpload.aspx 文件上传漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.39 views

利用骑士cms的一次纠结的渗透测试过程(两个潜在而被忽略的漏洞分析)

简要描述: 今天下载了骑士cms的最新版本,由于好久以前一个哥们发了一个后台拿shell的漏洞,还有别人发的一个sql注入的漏洞,一个有意思的渗透测试过程就从这两个地方开始了,成功的拿下了某大型人才网站的服务器,过程算比较艰辛吧,由于附带了对其实cms的漏洞重新分析,并且加入了自己新的利用方法,所以这里提交到了通用漏洞 详细说明: 第一步 我们分析一个老的sql注入问题: 文件job/plus/ajaxcommon.php:lines:88-100 if empty$GET'query' exit; $gbkquery=trim$GET'query'; if...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.24 views

Oxwall 1.7.0 - Multiple CSRF And HTML Injection Vulnerabilities

No description provided by source. !-- Oxwall 1.7.0 Multiple CSRF And HTML Injection Vulnerabilities Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.16 views

qibocms多个系统绕过补丁继续注入

简要描述: (最后更新于2014-7-28) 附件: 安全补丁.rar 218 K 下载次数:15582 看到更新补丁了 再来看看。 绕过这补丁 当然 绕过了这补丁的话 也是通杀qibo多个系统。 详细说明: 之前发的 WooYun: qibocms V7 整站系统最新版SQL注入一枚 & 另外一处能引入转义符的地方。 ———————————————————————————————— 下载了个补丁下来看看 看了看member目录 竟然没有看到上次我发的那个post.php 我以为没做修复了呢 后来看了看全局文件 inc/common.inc.php中 $POST=AddS$POST;...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.27 views

天柏在线培训系统政府版用户注册存储xss

简要描述: 上海天柏信息科技有限公司的系统 天柏在线培训系统政府版用户注册存在存储xss 详细说明: http://www.timber2005.com/Customer.html 客户案例 在官网的给的政府版demo上测试的成功 用户注册地址:http://px3.timber2005.com/System/StuUserRegist.aspx 用户名之类的存在存储型xss漏洞 漏洞证明: 先去注册一个用户,用户名写入测试xss代码: 然后使用官网给的后台管理密码到后台的用户管理就会发现xss代码执行了...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.10 views

DouPHP 1.1 /guestbook.php SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.45 views

Oxwall 1.7.0 - Remote Code Execution Exploit

No description provided by source. !/usr/bin/env python Oxwall 1.7.0 Remote Code Execution Exploit Vendor: Oxwall Software Foundation Product web page: http://www.oxwall.org Affected version: 1.7.0 build 7907 and 7906 Summary: Oxwall is unbelievably flexible and easy to use PHP/MySQL social...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.28 views

一步步击溃PHPYUN(另类方法绕过防注入)

简要描述: 由某处SQL注入引起,最终通过组合漏洞击溃PHPYUN 详细说明: 测试版本:PHPYUN 3.1 GBK beta 20140728 PHPYUN使用了两套waf,一套自己写的,一套360的,从第一套开始。 \data\db.safety.php: quotesGPC; // 效果:addslashes if$config'syistemplate'!='1' || md5md5$config'sysafekey'.$GET'm'!=$POST'safekey' foreach$POST as $id=$v safesql$id,$v,"POST",$config; $id...

7.9AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.21 views

KesionICMS(.net)可无视任何条件前台getshell

简要描述: KesionICMS除了自带的文章、图片、下载系统外还可以在文章、图片、下载三个系统模型的基础上自定义出功能模型比如房产系统,酒店系统,图片系统,软件下载等;自定义表单助您轻松打造在线报名,举报投诉等功能。10年开发经验的优秀团队,在掌握了丰富的WEB开发经验和CMS产品开发经验的同时,勇于创新追求完美的设计理念,力争为全球更多网站提供助力,并被更多的政府机构、教育机构、事业单位、商业企业、个人站长所认可。 详细说明: KesionICMS某个频道上传功能的地方有缺陷,导致漏洞形成。 本漏洞测试的时候无需登录,即可进行操作。...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.53 views

某通用型电子采购平台存在任意文件上传漏洞GETSHELL

简要描述: 详细说明: 1.看看前人提交的漏洞: WooYun: 某通用型电子采购平台SQL注射(涉及大量企业) ,说的是注入漏洞,后来仔细研究发现存在一个编辑器存在任意文件上传可导致批量Getshell,影响危害极大。 厂商: http://www.ng.com/ 北京网达信联科技发展有限公司 关键字(构造的不是很好): 2.Getshell漏洞。 /ftb.imy.aspx 可以直接上传asp文件 漏洞证明: 【声明以下案例仅供CNCERT、CNVD复现测,其它人不得利用或使用其恶意破坏,否则后果自负!】 3.案例测试:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.18 views

PageAdmin 3.0 /e/member/mem_idx.aspx 登录绕过漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.27 views

某投稿系统通用型SQL注射漏洞(影响众多企事业单位及学校)

简要描述: 某投稿系统通用型SQL注射漏洞 详细说明: 南京杰诺瀚软件科技有限公司的投稿系统SQL注射漏洞 intitle:投稿系统 技术支持:南京杰诺瀚软件科技有限公司 Web/Login.aspx 页面的 username 参数存在问题 DBA 权限注射 URL:...

7.4AI score
Exploits0
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.29 views

Ubiquiti UbiFi / mFi / AirVision - CSRF Vulnerability

No description provided by source. Vendor Homepage: http://www.ubnt.com/ Tested on: Kali Linux ----------------------------------------- Affected Products/Versions: ----------------------------------------- UniFi Controller v2.4.6 mFi Controller v2.0.15 AirVision Controller v2.1.3 Note: Previous...

3.7CVSS8.7AI score0.01284EPSS
Exploits6
seebug.org
seebug.org
added 2014/07/29 12:0 a.m.23 views

PHPYun 3.1 /weixin/model/index.class.php 任意文件下载漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.18 views

DirPHP 1.0 - LFI Vulnerability

No description provided by source. !/usr/bin/env python -- coding:utf-8 -- from pocsuite.net import req from pocsuite.poc import Output, POCBase from pocsuite.utils import register class TestPOCPOCBase: vulID = '87159' version = '1' vulDate = '1406390400' createDate = '1442937600' references =...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.12 views

Yonyou e-HR /hrss/rm/ResetPwd.jsp SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.16 views

qibocms下载系统 注入&另外一个老问题

简要描述: RT. 详细说明: 下载地址 http://bbs.qibosoft.com/down2.php?v=download1.0down 0x01 老问题 在download/inc/job/downencode.php中 iferegi'.php',$url header"location:$trueurl"; exit; $webdbupfileType = strreplace' ','|',$webdbupfileType; iffileexistsROOTPATH."$webdbupdir/$url" && eregi"$webdbupfileType$",$url &...

7.2AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.24 views

Moodle 2.7 - Persistent XSS

No description provided by source. Title: Moodle 2.7 Persistent XSS Vendor: https://moodle.org/ Moodle advisory: https://moodle.org/mod/forum/discuss.php?d=264265 Researched by: Osanda Malith Jayathissa @OsandaMalith E-Mail: osandacatunseen.is Original write-up:...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.22 views

DIR320 1.21 /show_info.php 信息泄露漏洞

No description provided by source...

7.1AI score
Exploits0
seebug.org
seebug.org
added 2014/07/28 12:0 a.m.13 views

Chinavvv /template/govlead_temp1.jsp SQL注入漏洞

No description provided by source...

7.1AI score
Exploits0
Total number of security vulnerabilities56796