New pages

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)

• 16:04, 10 July 2021 ‎磊科NI360路由器登錄繞過漏洞/zh-hant (hist | edit) ‎[154 bytes] ‎Pwnwiki (talk | contribs) (Created page with "磊科NI360路由器登錄繞過漏洞")
• 16:04, 10 July 2021 ‎網禦星雲-安全網關SAG系列&LeadSec系列 後台命令執行漏洞/zh-tw (hist | edit) ‎[630 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==弱口令==")
• 16:04, 10 July 2021 ‎中慶納博教育雲平臺敏感信息泄露&未授權訪問漏洞/zh-hant (hist | edit) ‎[771 bytes] ‎Pwnwiki (talk | contribs) (Created page with "訪問此鏈接，可以看見洩露用戶名，以及管理id。然後可以通過 用戶名重置密碼為默認密碼123456")
• 16:03, 10 July 2021 ‎寶塔面板未授權訪問phpMyAdmin漏洞/zh-hant (hist | edit) ‎[2,178 bytes] ‎Pwnwiki (talk | contribs) (Created page with "寶塔面板未授權訪問phpMyAdmin漏洞")
• 16:02, 10 July 2021 ‎極通EWEBS casmain.xgi 任意文件讀取漏洞/zh-hant (hist | edit) ‎[587 bytes] ‎Pwnwiki (talk | contribs) (Created page with "極通EWEBS")
• 16:01, 10 July 2021 ‎CVE-2019-10999 D-Link路由器 緩衝區錯誤漏洞/zh-tw (hist | edit) ‎[284 bytes] ‎Pwnwiki (talk | contribs) (Created page with "CVE-2019-10999 D-Link路由器 緩衝區錯誤漏洞")
• 15:55, 10 July 2021 ‎CNVD-2021-17369 銳捷Smartweb管理系統 密碼信息洩露漏洞/zh-tw (hist | edit) ‎[493 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==默認guest密碼==")
• 15:49, 10 July 2021 ‎CNVD-2019-06255 CatfishCMS遠程命令執行漏洞/zh-hant (hist | edit) ‎[200 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞影響==")
• 15:49, 10 July 2021 ‎網禦星雲-網頁防篡改系統古老版本多個漏洞/zh-tw (hist | edit) ‎[606 bytes] ‎Pwnwiki (talk | contribs) (Created page with "密碼都是：Admin%100")
• 15:47, 10 July 2021 ‎用友 NC bsh.servlet.BshServlet 遠程命令執行漏洞/zh-tw (hist | edit) ‎[174 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==參考==")
• 15:45, 10 July 2021 ‎中慶納博教育雲平臺敏感信息泄露&未授權訪問漏洞/zh-tw (hist | edit) ‎[771 bytes] ‎Pwnwiki (talk | contribs) (Created page with "中慶納博教育雲平臺敏感信息泄露&未授權訪問漏洞")
• 15:43, 10 July 2021 ‎騎士CMS模版註入 &文件包含getshell漏洞/zh-tw (hist | edit) ‎[1,024 bytes] ‎Pwnwiki (talk | contribs) (Created page with "騎士cms人才系統，是一項基於PHP+MYSQL為核心開發的一套免費 + 開源專業人才網站系統。軟件具執行效率高、模板自由切換、後台管理...")
• 15:41, 10 July 2021 ‎YApi 未授權用戶創建&Mock遠程命令執行漏洞/zh-hant (hist | edit) ‎[1,205 bytes] ‎Pwnwiki (talk | contribs) (Created page with "添加接口，訪問接口的mock地址")
• 15:41, 10 July 2021 ‎凡諾CMS 未授權訪問&文件包含Getshell漏洞/zh-hant (hist | edit) ‎[461 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==未授權訪問==")
• 15:40, 10 July 2021 ‎小額貸款系統0day/zh-hant (hist | edit) ‎[277 bytes] ‎Pwnwiki (talk | contribs) (Created page with "後台任意文件上傳")
• 15:36, 10 July 2021 ‎久其財務報表 download.jsp 任意文件讀取漏洞/zh-hant (hist | edit) ‎[348 bytes] ‎Pwnwiki (talk | contribs) (Created page with "發送以下請求：")
• 15:35, 10 July 2021 ‎安卓版TikTok RCE漏洞/zh-hant (hist | edit) ‎[3,950 bytes] ‎Pwnwiki (talk | contribs) (Created page with "現在我們可以用一個惡意庫覆蓋native-libraries來執行我們的代碼。除非用戶重新啟動Application，否則它不會被執行。")
• 15:35, 10 July 2021 ‎數字化校園平台 校園綜合管理系統 任意文件上傳漏洞/zh-hant (hist | edit) ‎[172 bytes] ‎Pwnwiki (talk | contribs) (Created page with "企業相關證書處可以任意上傳文件，可以直接Getshell。")
• 15:33, 10 July 2021 ‎安天追影威脅分析系統越權訪問漏洞/zh-hant (hist | edit) ‎[385 bytes] ‎Pwnwiki (talk | contribs) (Created page with "再次訪問首頁成功進入頁面")
• 15:33, 10 July 2021 ‎藍凌OA 任意代碼執行漏洞/zh-hant (hist | edit) ‎[154 bytes] ‎Pwnwiki (talk | contribs) (Created page with "藍凌OA 任意代碼執行漏洞")
• 15:33, 10 July 2021 ‎安卓版TikTok XSS漏洞/zh-hant (hist | edit) ‎[1,225 bytes] ‎Pwnwiki (talk | contribs) (Created page with "即便驗證不是在javascript方案上，也可以使用該方案對該WebView進行XSS攻擊。")
• 15:33, 10 July 2021 ‎指導方針/zh-hant (hist | edit) ‎[3,715 bytes] ‎Pwnwiki (talk | contribs) (Created page with "任何對此方針的編輯都必須反映社群共識，否則請先於[https://forums.pwnwiki.org 社區]發起討論。")
• 15:31, 10 July 2021 ‎泛微ecology OA數據庫配置信息洩露/zh-hant (hist | edit) ‎[964 bytes] ‎Pwnwiki (talk | contribs) (Created page with "泛微ecology OA數據庫配置信息洩露")
• 15:31, 10 July 2021 ‎泛微OA E-cology（CNVD-2019-32204）遠程命令執行漏洞/zh-hant (hist | edit) ‎[513 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==漏洞利用==")
• 15:28, 10 July 2021 ‎流量管控系統0day/zh-hant (hist | edit) ‎[248 bytes] ‎Pwnwiki (talk | contribs) (Created page with "流量管控系統0day")
• 15:27, 10 July 2021 ‎米拓建站系統 getshell&命令執行漏洞/zh-hant (hist | edit) ‎[807 bytes] ‎Pwnwiki (talk | contribs) (Created page with "訪問以下url：")
• 15:27, 10 July 2021 ‎網禦星雲-網頁防篡改系統古老版本多個漏洞/zh-hant (hist | edit) ‎[667 bytes] ‎Pwnwiki (talk | contribs) (Created page with "operator(操作員)")
• 15:26, 10 July 2021 ‎致遠OA A6 test.jsp SQL注入漏洞/zh-hant (hist | edit) ‎[9,722 bytes] ‎Pwnwiki (talk | contribs) (Created page with "多個目標測試：")
• 15:22, 10 July 2021 ‎Monstra CMS 任意文件刪除漏洞/zh-hant (hist | edit) ‎[207 bytes] ‎Pwnwiki (talk | contribs) (Created page with "Monstra CMS 任意文件刪除漏洞")
• 15:22, 10 July 2021 ‎CVE-2019-19113 新蜂商城SQL注入漏洞 (hist | edit) ‎[698 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> newbee-mall version before 2019-10-23 ==POC== <pre> http://<target>/search?goodsCategoryId=&keyword=%5C%25%27%29%29%20...")
• 15:20, 10 July 2021 ‎CNVD-2020-10526 南京南軟科技有限公司 研究生管理信息系統 任意密碼修改漏洞/zh-hant (hist | edit) ‎[149 bytes] ‎Pwnwiki (talk | contribs) (Created page with "修改學號爲需要重置帳號密碼的帳號，保存即可。")
• 15:20, 10 July 2021 ‎Mysql LOAD DATA 客戶端任意文件讀取漏洞 (hist | edit) ‎[10,156 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC1== <pre> #!/usr/bin/python #coding: utf8 import socket # linux : #filestring = "/etc/passwd" # windows: #filestring = "C:\Windows\system32\drivers\etc\hosts" HOST = "0....")
• 15:17, 10 July 2021 ‎Monstra CMS 任意文件刪除漏洞 (hist | edit) ‎[243 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> Monstra CMS <= 3.0.4 ==POC== <pre> http://<target>/admin/index.php?id=backup&delete_file=/.......//./.......//./index....")
• 15:16, 10 July 2021 ‎CVE-2019-19886 ModSecurity 拒絕服務漏洞 (hist | edit) ‎[257 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> ModSecurity 3.0 - 3.0.3 ==POC== <translate> 不斷向服務器發送此類請求將使工作線程反复崩潰 </trans...")
• 14:43, 10 July 2021 ‎MKCMS v5.0 任意密码重置漏洞 (hist | edit) ‎[429 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> <html> <body> <script>history.pushState('', '', '/')</script> <form action="http://v.micool.top/ucenter/repass.php" method="POST"> <input type="hid...")
• 14:43, 10 July 2021 ‎MKCMS v5.0 /ucenter/reg.php前台sql注入漏洞 (hist | edit) ‎[792 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> MKCMS v5.0 ==POC== <pre> POST /ucenter/reg.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac...")
• 14:16, 10 July 2021 ‎CVE-2017-5961 IonizeCMS XSS漏洞 (hist | edit) ‎[317 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> <=Ionize 1.0.8 ==POC== <pre> http://<target>/testcmsofgithub/ionize-master/ionize-master/themes/admin/javascript/tinym...")
• 14:15, 10 July 2021 ‎CVE-2016-3714 ImageMagick 命令執行漏洞 (hist | edit) ‎[518 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> mageMagick 6.5.7-8 ImageMagick 6.7.7-10 <6.9.3-9 released ==POC== <pre> push graphic-context viewbox 0 0 640 4...")
• 14:12, 10 July 2021 ‎CVE-2020-24739 Icms v7.0.15 CSRF漏洞 (hist | edit) ‎[657 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<pre> https://<target>/work/work1/admincp.php?app=members&do=del&id=3&frame=iPHP&CSRF_TOKEN= <img src="http://url/work/work1/admincp.php?app=members&do=del&id=1&frame=iPHP&CSR...")
• 14:10, 10 July 2021 ‎ESPCMS 前台反射型XSS漏洞 (hist | edit) ‎[693 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> ESPCMS vP8.18101601 ==Request== <pre> POST /index.php?ac=Search&at=List HTTP/1.1 Host: <target> User-Agent: Mozilla/5....")
• 14:09, 10 July 2021 ‎Epage SQL注入漏洞 (hist | edit) ‎[2,196 bytes] ‎Pwnwiki (talk | contribs) (Created page with "==POC== <pre> import requests import time print("Blind SQL injection in php Serialize POC") url=input("Target url:") url += "/bin/ptsearch.php?wc=a:3:{s:3:\"Key\";s:@:\"*\";s...")
• 10:12, 10 July 2021 ‎Wyomind Help Desk 1.3.6 XSS/遍歷/Shell上傳漏洞 (hist | edit) ‎[10,476 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==影響版本== </translate> Version: <= 1.3.6 ==EXP== <pre> # Exploit Title: Wyomind Help Desk 1.3.6 - Remote Code Execution (RCE) # Date: 2021-0...")
• 10:11, 10 July 2021 ‎Online Covid Vaccination Scheduler System 1.0 Shell 上傳漏洞 (hist | edit) ‎[9,282 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Online Covid Vaccination Scheduler System 1.0 - Arbitrary File Upload to Remote Code Execution (Unauthenticated) # Date: 2021-07-07 # Exploit Author: fa...")
• 10:08, 10 July 2021 ‎Polkit D-Bus 身份驗證繞過漏洞 (hist | edit) ‎[16,131 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<pre> ## # This module requires Metasploit: https://metasploit.com/download # Current source: https://github.com/rapid7/metasploit-framework ## require 'unix_crypt' class Me...")
• 10:05, 10 July 2021 ‎CVE-2021-28113 Okta Access Gateway 2020.5.5 遠程代碼執行漏洞 (hist | edit) ‎[4,027 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<pre> Okta Access Gateway v2020.5.5 Post-Auth Remote Root RCE CVE-2021-28113 ======= Details ======= There are two command injection bugs can that be triggered after authen...")
• 22:32, 9 July 2021 ‎Zoo Management System 1.0 - 'Multiple' XSS漏洞 (hist | edit) ‎[1,688 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<pre> # Exploit Title: Zoo Management System 1.0 - 'Multiple' Stored Cross-Site-Scripting (XSS) # Date: 08/07/2021 # Exploit Author: Subhadip Nag # Vendor Homepage: https://ph...")
• 13:21, 9 July 2021 ‎中慶納博教育雲平臺敏感信息泄露&未授權訪問漏洞/zh-cn (hist | edit) ‎[770 bytes] ‎Xc1ym (talk | contribs) (Created page with "中庆纳博教育云平台敏感信息泄露&未授权访问漏洞")
• 09:25, 9 July 2021 ‎中慶納博教育雲平臺敏感信息泄露&未授權訪問漏洞 (hist | edit) ‎[807 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> ==FOFA== <pre> "中庆纳博" </pre> ==POC== <translate> 訪問此鏈接，可以看見洩露用戶名，以及管理id。然後可以通過 用戶名重置密...")
• 21:49, 8 July 2021 ‎CNVD-2020-58411 Misstar Tools 小米路由器 未授權訪問漏洞 (hist | edit) ‎[192 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> ==FOFA== <pre> app="Misstar-Tools-小米路由器" </pre> ==POC== <pre> http://<target>:1024/ </pre> <translate> 新增FTP賬戶，重啓FTP服務。 </tran...")
• 21:47, 8 July 2021 ‎CVE-2019-18371 （小米） Xiaomi Mi WiFi R3G 任意文件讀取漏洞 (hist | edit) ‎[1,868 bytes] ‎Pwnwiki (talk | contribs) (Created page with "<languages /> <translate> ==漏洞影響== </translate> Xiaomi Mi WiFi R3G 2.28.23-stable previous version ==POC== ===arbitrary_file_read_vulnerability.py=== <pre> import os...")

(newest | oldest) View (newer 50 | older 50) (20 | 50 | 100 | 250 | 500)