Cloud Security

Title: WordPress MM Duplicate plugin Author: Miroslav Stampar (miroslav. stampar (at) gmail.com @ stamparm www.2cto.com): Http://downloads.wordpress.org/plugin/mm-duplicate.zipTest version: 1.2 (tested) ---Test Method---A http://www.bkjia.com/index.

From: www.0855. TVBy: Mr. DzYDate: 2011/08/25 The enterprise website system is a small-sized enterprise website source code customized for small and medium-sized enterprises. The code is made public for free and can be modified and learned on its

Title: WordPress SendIt plugin Keyword: inurl: "wp-content/plugins/sendit/submit. php"Author: evilsocket (evilsocket [at] gmail [dot] com) www.2cto.com: Http://wordpress.org/extend/plugins/sendit/Tested version: 1.5.9 (tested with magic quotes OFF)  

Author: Qingtian Xiaozhu Test environment: discuz X1.5 + nginx 1.0Vulnerability file source/function/function_core.php, code: $ _ G ['setting'] ['domain '] ['app'] ['default'] & $ content = preg_replace ("/ Code: Http://www.bkjia.com/forum.

By Mr. DzY from www.0855. TV This system directory traversal problem was released some time ago. The official version has been revised after feedback.Today, a new version of Yothshop mall system was discovered.Insert a sentence into the database

Test environment: discuz X1.5 + nginx 1.0 Vulnerability file source/function/function_core.php, Code: $ _ G ['setting'] ['domain '] ['app'] ['default'] & $ content = preg_replace ("/ Code: Http://www.bkjia.com/forum. php/admin. php '/XXXXXXX.

Author: mer4en7y When I met this CMS in the afternoon, I looked at the code. The Check_SqlIn.asp anti-injection Code does not filter out the full injection vulnerability: 1) No cookie method is filtered and cookie injection is performed. 2)

Author: mer4en7yIt hurts.Check_ SQL .asp:'----- Filter the get query value.'----- Filter the single value of the post table.The get and post methods are filtered. Shownews. asp:Id = cstr (request ("id "))Set rsnews = Server. CreateObject ("ADODB.

Disqus is a world-famous real-time comment system. If you don't know about it, You can Google it yourself. Reprinted please indicate from: Silic Group Hacker Army first release Well, this vulnerability is too weak. In fact, news. php does not

Brief description:Some input locations are not strictly filtered, resulting in persistent XSS. You can obtain cookies to simulate logon and other usage methods.Detailed description:When job.chinaunix.net is used to modify personal information, the

Recently, we used a template for the zhirui enterprise website. (This template is downloaded from all major websites and marked as free use and free software.) I feel that the framework architecture is clear and simple, the most important version is

  Title: AdaptCMS 2.0.1 Multiple security vulnerabilities By Stefan Schurtz Affected Version: AdaptCMS 2.0.1 is successfully tested. Development Site: http://www.adaptcms.com/www.2cto.com   Status: repaired   Defect description:   AdaptCMS 2.0.1 has

  Brief description: Netease mail Flash attachments can be used to perform XSS attacks and obtain cookies, resulting in arbitrary Netease accounts. Detailed description: 1. Attackers compile the following as2 script into swf. Url = "javascript:

  Similarly, today I accidentally discovered --# Simulate the code locally. Explanation: the first statement echo the submitted content and the second statement executes the tracert command and returns Since it is the URL that tracert wants to

  2011-10-09 11: 51 eTopEIMS v1.0 vulnerability:   Author: mer4en7y Team: 90sec Blog: www.hi.baidu.com/alonecode   1) injection vulnerability. There are several Injection Vulnerabilities and only one code is pasted with news. php. Require_once

Author: thanks blog: http://hi.baidu.com/thanks4sec HDWIKI: http://kaiyuan.hudong.com/ Affected Versions: All HDWIKI versions   -----------------------------------   After searching for half a day, I couldn't find the echo, so I thought it was a

  This is actually a shell method !! Share with you ~~Most of the time we enter the website background and find that there is a backup function, but we cannot modify the file address we need to back up. This method can solve this problem... You can

Today, a bird in the group lost a background to help get shell. At first glance it's FCK, and it's all about getting the results... the PHP language is useless. The process is not important. Later, I opened various links at the front end and checked

  Previous: http://www.bkjia.com/Article/201110/108536.html You will never forget Non alphanumeric code in PHP Http://www.thespanner.co.uk/2011/09/22/non-alphanumeric-code-in-php/   Tiny PHP Shell Http://h.ackack.net/tiny-php-shell.html   These two

Title: [1024 CMS Version 1.1.0 beta (/complete-modules/forcedownload/force_download.php) Local File compression sion Vulnerability]Author: [Sangyun YOO] [I2SEC] www.2cto.com Email: yoosy0302 at naver dot comSoftware connection: