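Lebi (乐彼) Multilingual Online Shop System: Stored XSS

Lebi multilingual online shop system stored XSS. Newbie write-up; experts, move along. user/Profile.aspx does not filter HTML tags. When editing the profile, enter "><script>alert(0)</script> and it triggers when an administrator opens the member list in the back end. The back end can edit files. Captured request: Host: xxxxxi.cn User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; zh-CN; rv:1.9.2) Gecko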

2013-11-12 15:33 18 3368

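phpaacms (not phpcms): Unauthorized Administrator Creation

I downloaded this CMS from 站长网. It is the first vulnerability I ever found, and so far still the only one; maybe I aimed too high, going after targets with defense mechanisms as soon as I had one small find. I posted it on another forum before, but that forum has many users and many posts, nobody replied, and it sank with fewer than 100 views. The midterm exams took up nearly a month of my time, I did not go online for a single minute, and I felt at risk of being banned, so reluctantly I am posting it again. Code: //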

2013-11-10 20:03 44 7749

DedeCms Member Center Injection Vulnerability

member/buy_action.php: require_once(dirname(__FILE__)."/config.php"); CheckRank(0,0); $menutype = 'mydede'; $menutype_son = 'op'; require_once DEDEINC.'/dedetemplate.class.php'; $product = isset($product) ? trim($product) : ''; $mid = $cfg_ml->M_ID; $ptype = ''; $pname = ''; $price = ''; $mt

2013-11-6 21:13 114 9157

Kwok Information Server Blind Sql Injection

Advisory: Kwok Information Server Blind Sql Injection | Affected Version: 2.7.3 & 2.8.4 | Vendor: http://www.kwoksys.com/index.php | Risk: Medium | CVE-ID: 2013-5028 | Tested on Plat

2013-10-20 19:19 2 2660

WHMCS 5.2.8 Vulnerability

Here We Go again Po0r WHMCS new version again got exploited! THIS TIME IT'S again the same mistake in /includes/dbfunctions.php WE Can manipulate the GET/POST variables and end up with something like $key = array('sqltype' => 'TABLEJOIN', 'value' => ''); FROM THIS VULNERABILITY WE CAN

2013-10-20 18:02 4 3451

WordPress WP Realty Blind SQL Injection

2013-10-20 00:20 10 3125

WordPress WooCommerce 2.0.17 Cross-Site Scripting

Wordpress WooCommerce Plugin 2.0.17 Cross-Site Scripting Vulnerability. Vendor: WooThemes. Product web page: http://www.woothemes.com. Affected version: 2.0.17 and 2.0.14. Summary: WooCommerce is an open source e-commerce plugin for WordPress. Desc: The plugin suffers from a XSS issue

2013-10-20 00:14 2 2774

WordPress awesome-support Plugin Arbitrary File Upload Vulnerability

2013-10-20 00:07 26 4804

PHPCMS SQL Injection Vulnerability

The edit_content method is located in content_model.class.php. The code is as follows:
// main table
$this->table_name = $this->db_tablepre.$model_tablename;
$this->update($systeminfo,array('id'=>$id));
// auxiliary table
$this->table_name = $this->table_name.'_data';
$this->update($modelinfo,array('id'=>$id));
$this->

2013-10-12 07:10 92 7773

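(Repost) dedecms (织梦) album_add.php SQL Injection Vulnerability

An injection in dedecms, of fairly limited use. The earlier variable-overwrite vulnerability caused such a stir that I never posted this one. It was tested on the latest version back in May, and the current latest version probably has not fixed it. The vulnerability requires a member account, so it is of fairly limited use. In the article submission page, the mtypesid field of the POST form is injectable. /dedecmsnew/member/album_add.php Injection POC: mtypesid=1'),("'",'0','1367930810','p','0','2','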

2013-10-8 14:55 21 4795