Phpcms V9 Blind SQL injection vulnerability 0day and repair

Release date: 2011-01.23 Author: eidelweiss Affected Version: phpcms v9 blind http://www.phpcms.cn Vulnerability Type: SQL Injection Vulnerability Description: phpcms v9 blind parameter filtering has the SQL injection vulnerability. Google dork:

ComercioPlus 5.6 SQL injection vulnerability and repair

ComercioPlus is a virtual store system written in PHP. The pp_productos.php file in ComercioPlus 5.6 has the SQL injection vulnerability, which may cause sensitive information leakage. [+] Info: # Exploit Title: Comerciosonline CMS SQLi #

Getshell security issues in group buying background every day

By k4shifz [w. s. t] Bbs.wolvez.org The last time I talked about daily group purchases, I used shell in the background. Background injection: inserts code into the database. Exp requires four parameters: $host, $path, $formhash, and $cookie. After

Use shell and iptables to automatically handle CC attacks

The pressure on Web and database servers has increased to several hundred times. Only after reading the logs can we know the general situation. Someone is refreshing the database and starting to manually process these IP addresses. After processing

Session persistence on the WAP website

The soul of an empty prodigal soul Let's talk about session persistence. Because the session will always expire, You need to refresh it all the time. Remember the session persistence tool written by cnqing. In fact, to attack wap, you do not need

Technical Analysis of WAP website attacks by using Session Fixation Vulnerability

By kxlzx http://www.inbreak.net This article uses the discuz session fixation vulnerability as an example to describe how to use Session Fixation to attack WAP websites. The Session Fixation vulnerability indicates that the web application does not

Analysis of insert injection attacks

Yezi When encountering some special websites, you can try to use insert injection (for example, the message version of Shenma... the premise is that you must interact with the database). First, let's first understand the insert syntax. Insert into

CMS Lokomedia 1.5 Arbitrary File Upload Vulnerability and repair

CMS Lokomedia is a PHP-based content management system. CMS Lokomedia 1.5 has the Arbitrary File Upload Vulnerability, which may cause attackers to obtain the website shell. [+] Info: CMS Lokomedia 1.5 Arbitary file upload

Utf7-BOM string Injection

Recently pay attention to the utf7-BOM string injection, easily found instances: Http://music.10086.cn/newweb/jsp/v3_search/getDefaultKeywords.jsp? Callback = % 2B % 2Fv8% 20% bytes Bytes + ADwALwBoAHQAbQA

DirectAdmin 0-day and repair

Generally, LINUX is a virtual host, which is difficult to escalate power and rebound. This vulnerability exists in MSF and PHP, so it cannot be detected... If you have a management platform, DirectAdmin, then you can succeed. Default logon address:

Feng Office 1.7.3.3 CSRF Defects

Reference: http://www.htbridge.ch/advisory/xsrf_csrf_in_feng_office.html Product: Feng Office Vendor: Secure Data SRL (http://www.fengoffice.com/) Vulnerable Version: 1.7.3.3 and probably prior versions Vendor Notification: 17 March

OrangeHRM 2.6.3 (PluginController.php) Local File Inclusion Vulnerabil

OrangeHRM is a human resource management system. The PluginController.php file in OrangeHRM 2.6.3 has a local file inclusion vulnerability, which may cause sensitive information leakage. [+] Info: OrangeHRM 2.6.3 (PluginController.php)

Horizon Web Builder (fshow.php) SQL Injection Vuln

Horizon Web Builder is a Web generation system developed using PHP. The fshow.php in Horizon Web Builder has the SQL injection vulnerability, which may cause sensitive information leakage. [+] Info: Horizon Web Builder (fshow.php) SQL

Privilege Escalation for mysql off-star

Author: shangjian Hello everyone, I am the final sword. Hake is now available today. Share an original article Statement, Today, I tested Blog.WpProgram, No 0 day, Go directly A registered website is displayed. After logging on to the system, you will find

Classmates XSS Cross-Site vulnerability and repair

Vulnerability Description: Classmates 1.1.1 is designed with defects, resulting in XSS cross-site vulnerabilities. Users can execute arbitrary JavaScript code in vulnerable applications. This vulnerability exists in the "/themes/default/header. inc.

PhpThumb 'phpThumbDebug' Information Leakage vulnerability and repair

PhpThumb is an open-source php thumbnail class. The phpThumb Information Leakage vulnerability may expose the absolute path of the system, OS flavor, application configuration information, and version information of other installed programs. [+]

We7cmd background upload to obtain webshell and repair solution

Author: Lu renjia Vulnerability Type: Arbitrary Code Execution caused by File Upload Vulnerability Description: the backend is not strictly filtered and the webshell is directly uploaded. Filter is a Filter, is allowed to upload type, see the http:/

SiteServer XSS + background upload (the combination of chicken help is still cute) and repair solution

Brief description: XSS + background upload, you know Detailed Description: Siteserver XSS + webshell is randomly generated in the background Test version: SiteServer V3.4.31. For the stored XSS website, www.xxx.com/UserCenter/main.aspx, click post,

Media In Spot CMS local File Inclusion Defects and repair

# Name: Media In Spot LFI Vulnerability # Date: May, 16 2011 # Vendor Url: http://www.mediainspot.com/ # Dork: "Powred By Media In Spot" # Author: wlhaan haker # Exploit: Http: //

Trade Line Web <= Remote 'id

[~] HomePage: http://h4x0resec.blogspot.com - http://1337day.com Special greetz to: and Endonesian Backtrack Team-0nto. me | 09exploit.com My inj3ct0r Brothers .:) R0073r (~) Sid3 ^ effectS (~) R4dc0re (~) Indoushka (~) EXeSoul (~) Eidelweiss (~) SeeMe (~
