CMS漏洞分析 - 随笔分类(第5页) - 郑瀚Andrew

MyBB \inc\class_core.php <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution(Reverse Shell Exploit) Vulnerability

摘要：MyBB \inc\class_core.php <= 1.8.2 unset_globals() Function Bypass and Remote Code Execution(Reverse Shell Exploit) Vulnerability 阅读全文

posted @ 2016-01-25 10:55 郑瀚Andrew 阅读(528) 评论(0) 推荐(0) 编辑

ecshop /goods.php SQL Injection Vul

摘要：ecshop /goods.php SQL Injection Vul 阅读全文

posted @ 2016-01-15 17:23 郑瀚Andrew 阅读(821) 评论(0) 推荐(0) 编辑

应用服务器Glassfish任意文件读取漏洞

摘要：应用服务器Glassfish任意文件读取漏洞阅读全文

posted @ 2016-01-14 21:19 郑瀚Andrew 阅读(2242) 评论(0) 推荐(0) 编辑

Cacti /graphs_new.php SQL Injection Vulnerability

摘要：Cacti SQL Injection Vulnerability 阅读全文

posted @ 2016-01-05 11:30 郑瀚Andrew 阅读(1128) 评论(0) 推荐(0) 编辑

espcms /public/class_connector.php intval truncation Vul Arbitrary User Login

摘要：espcms /public/class_connector.php intval truncation Vul Arbitrary User Login 阅读全文

posted @ 2015-12-29 20:09 郑瀚Andrew 阅读(669) 评论(0) 推荐(0) 编辑

ESPCMS /adminsoft/control/citylist.php Int SQLInjection Vul

摘要：ESPCMS /adminsoft/control/citylist.php Int SQLInjection Vul 阅读全文

posted @ 2015-12-28 18:55 郑瀚Andrew 阅读(713) 评论(0) 推荐(0) 编辑

joomla \libraries\joomla\session\session.php 反序列化截断畸形字符串导致对象注入漏洞

摘要：joomla \libraries\joomla\session\session.php 反序列化截断畸形字符串导致对象注入漏洞阅读全文

posted @ 2015-12-16 20:26 郑瀚Andrew 阅读(1507) 评论(0) 推荐(0) 编辑

ThinkSNS thinksns\apps\w3g\Lib\Action\MessageAction.class.php SQL Injection Vul

该文被密码保护。

posted @ 2015-10-13 20:33 郑瀚Andrew 阅读(1) 评论(0) 推荐(0) 编辑

ThinkSNS addons\model\FeedModel.class.php SQL Injection Vul

该文被密码保护。

posted @ 2015-10-13 20:01 郑瀚Andrew 阅读(1) 评论(0) 推荐(0) 编辑

wordpress /wp-content/plugins/wp-symposium/server/php/UploadHandler.php File Arbitrary Upload Vul

摘要：wordpress /wp-content/plugins/wp-symposium/server/php/UploadHandler.php File Arbitrary Upload Vul 阅读全文

posted @ 2015-09-14 11:03 郑瀚Andrew 阅读(941) 评论(0) 推荐(0) 编辑

lumanager /Lib/Action/CommonAction.class.php Arbitrary user login By SQL Injection

该文被密码保护。

posted @ 2015-09-09 19:52 郑瀚Andrew 阅读(10) 评论(0) 推荐(0) 编辑

良精南方cms /inc/Check_Sql.asp SQL Injection Based On Cookie

摘要：良精南方cms /inc/Check_Sql.asp SQL Injection Based On Cookie 阅读全文

posted @ 2015-09-09 11:50 郑瀚Andrew 阅读(1777) 评论(0) 推荐(0) 编辑

phpweb /version.php Vul

摘要：phpweb /version.php Vul 阅读全文

posted @ 2015-09-09 08:44 郑瀚Andrew 阅读(626) 评论(0) 推荐(0) 编辑

绿麻雀p2p网贷系统前台\Style\header\Lib\Controller\AvatarFlashUpload.php FileUpload Vul

该文被密码保护。

posted @ 2015-09-08 15:11 郑瀚Andrew 阅读(3) 评论(0) 推荐(0) 编辑

Metinfo /admin/include/common.inc.php SQL Injection/Var Override Vul

该文被密码保护。

posted @ 2015-09-01 11:29 郑瀚Andrew 阅读(168) 评论(3) 推荐(0) 编辑

ApsCMS AspCms_SettingFun.asp、AspCms-qqkfFun.asp、AspCms_Slide.asp、AspCms_StyleFun.asp、login.asp、AspCms_CommonFun.asp Vul

摘要：ApsCMS AspCms_SettingFun.asp、AspCms-qqkfFun.asp、AspCms_Slide.asp、AspCms_StyleFun.asp、login.asp、AspCms_CommonFun.asp Vul 阅读全文

posted @ 2015-08-21 16:25 郑瀚Andrew 阅读(1072) 评论(0) 推荐(0) 编辑

ECMall /app/buyer_groupbuy.app.php SQL Injection Vul

摘要：ECMall /app/buyer_groupbuy.app.php SQL Injection Vul 阅读全文

posted @ 2015-08-14 20:13 郑瀚Andrew 阅读(573) 评论(0) 推荐(0) 编辑

FIneCMS /dayrui/libraries/Chart/ofc_upload_image.php Arbitrary File Upload Vul

摘要：FIneCMS /dayrui/libraries/Chart/ofc_upload_image.php Arbitrary File Upload Vul 阅读全文

posted @ 2015-08-14 12:23 郑瀚Andrew 阅读(1236) 评论(0) 推荐(0) 编辑

DayuCMS 1.525 /include/global.func.php Foreground Arbitrary Code Execution

摘要：DayuCMS 1.525 /include/global.func.php Foreground Arbitrary Code Execution 阅读全文

posted @ 2015-08-05 20:36 郑瀚Andrew 阅读(939) 评论(0) 推荐(0) 编辑

qibocms /hr/listperson.php File Arbitrarily Include Vul Via Variable Uninitialization && Front Page Upload WEBSHELL

摘要：qibocms /hr/listperson.php File Arbitrarily Include Vul Via Variable Uninitialization && Front Page Upload WEBSHELL 阅读全文

posted @ 2015-08-05 17:17 郑瀚Andrew 阅读(599) 评论(0) 推荐(0) 编辑

Han Zheng, Practitioners and Theoretical Researcher, Now working in Alibaba Cloud Corp, China

Welcome to contact me. Wechat：LittleHann，My email, 306211321@qq.com，Job mail：zhenghan.zh@alibaba-inc.com

随笔分类 - CMS漏洞分析

公告