-
Notifications
You must be signed in to change notification settings - Fork 161
Scripts
chybeta edited this page Jan 17, 2018
·
35 revisions
| TYPE | SCRIPT | DESCRIPTION |
|---|---|---|
| phpcms | v960_sqlinject_getpasswd | phpcmsv9.6.0 wap模块 sql注入 获取passwd |
| icms | v701_sqlinject_getadmin | icmsv7.0.1 admincp.php sql注入 后台任意登陆 admin权限 |
| discuz | v34_delete_arbitary_files | discuz ≤ v3.4 任意文件删除 |
| beecms | v40_fileupload_getshell | beecms ≤ V4.0_R_20160525 文件上传漏洞 getshell |
| semcms | v23_sqlinject_getadmin | semcms ≤ V2.3 sql注入 后台任意登陆 admin权限 |
| joomla | v370_sqlinject_getuser | Joomla v3.7.0 sql注入 com_fields组件 |
| drupal | v833_yamlseria_getshell | Drupal ≤ v8.3.3 yaml反序列化 远程命令执行漏洞 getshell |
| phpoko | v47_fileupload_getshell | phpok ≤ v4.7 文件上传漏洞 getshell |
| seascms | v655_eval_getshell | seacms ≤ v6.5.5 eval过滤不当 任意代码执行漏洞 getshell |
| seascms | v654_eval_getshell | seacms ≤ v6.5.4 eval过滤不当 任意代码执行漏洞 getshell |
| seascms | v654_eval_getshell | seacms ≤ v6.5.4 eval过滤不当 任意代码执行漏洞 getshell |
| niushop | v111_fileupload_getshell | niushop ≤ v1.1.1 文件上传漏洞 getshell |
| exponent | v238_fileupload_getshell | exponent≤ v2.3.8 文件上传漏洞 getshell CVE-2016-7095 |
| exponent | v239_install_getshell | exponent≤ v2.3.9 配置文件写入漏洞 getshell CVE-2016-7565 |
| tpshop | v208_preview_getshell | tpshop ≤ v2.0.8 preview页面 getshell |
| fiyocms | v207_fileupload_getshell | fiyocms≤ v2.0.7 文件上传漏洞 getshell CVE-2017-7625 |
| fiyocms | v207_fileread_getconfig | fiyocms≤ v2.0.7 任意文件读取漏洞 获取config.php信息 CVE-2017-17104 |
| duomicms | v132_sqlinject_getpasswd | duomicms ≤ v1.3.2 sql注入 获取passwd |
| duomicms | v132_eval_getshell | duomicms ≤ v1.3.2 search.php eval过滤不当 任意代码执行漏洞 getshell |
| zzcms | v81_sqlinject_getpasswd | zzcms≤ v8.1 sql注入 获取passwd |
| appcms | v20101_backdoor_getshell | appcms = v2.0.101 content_list.php后门 getshell |
| axublog | v106_sqlinject_getpasswd | axublog ≤ v1.0.6 hit.php sql注入 获得账号密码 |
| axublog | v106_sqlinject_getadmin | axublog ≤ v1.0.6 ad/login.php sql注入 后台管理员登陆 |
| easycms | v11_sqlinject_getpasswd | easycms ≤ v1.1 PersonAction.class.php sql注入漏洞 获取passwd |
| opensns | v280_fileupload_getshell | opensns ≤ v2.8.0 uploadPictureBase64.html 文件上传漏洞 getshell |
| iwebshop | v46_sqlinject_getpasswd | iwebshop ≤ 4.6 sql注入 获得管理员账号密码 |
| siteserver | v364_unauth_getpasswd | siteserver ≤ 3.6.4 未授权访问 获得管理员账号密码 |
- v960_sqlinject_getpasswd
- v34_delete_arbitary_files
- v701_sqlinject_getadmin
- v40_fileupload_getshell
- v23_sqlinject_getadmin
- v370_sqlinject_getuser
- v833_yamlseria_getshell
- v47_fileupload_getshell
- v655_eval_getshell
- v654_eval_getshell
- v645_eval_getshell
- v111_fileupload_getshell
- v238_fileupload_getshell
- v239_install_getshell
- v208_preview_getshell
- v132_sqlinject_getpasswd
- v132_eval_getshell
- v207_fileupload_getshell
- v207_fileread_getconfig
- v81_sqlinject_getpasswd
- v20101_backdoor_getshell
- v106_sqlinject_getpasswd
- v106_sqlinject_getadmin
- v11_sqlinject_getpasswd
- v280_fileupload_getshell
- v46_sqlinject_getpasswd
- v364_unauth_getpasswd