-
Last Updated: Sep 02, 2018
- by VulnSpy Labs
2018年9月1日,阿里云态势感知发布预警,近日利用ECShop全系列版本的远程代码执行漏洞进行批量化攻击量呈上升趋势,该漏洞可直接导致网站服务器沦陷,黑客可通过WEB攻击直接获得服务器权限,利用简单且危害较大。
-
Last Updated: Sep 02, 2018
- by VulnSpy Labs
2018年9月1日,阿里云态势感知发布预警,近日利用ECShop全系列版本的远程代码执行漏洞进行批量化攻击量呈上升趋势,该漏洞可直接导致网站服务器沦陷,黑客可通过WEB攻击直接获得服务器权限,利用简单且危害较大。
-
Last Updated: Aug 31, 2018
- by VulnSpy Labs
Discuz! X1.5 to X2.5 数据库备份功能文件 source/admincp/admincp_db.php 存在命令注入漏洞,允许攻击者通过该漏洞执行任意系统命令。
-
Last Updated: Aug 31, 2018
- by VulnSpy Labs
Discuz! X1.5 to X2.5's database backup function in file source/admincp/admincp_db.php allows remote attackers to execute arbitrary PHP code.
-
Last Updated: Aug 30, 2018
- by VulnSpy Labs
RIPSTECH PHP security challenges, each challenge consists of a new PHP code snippet for your review. Within these code snippets a different security vulnerability is hidden. Sometimes the security risk is obvious but seems to be patched, sometimes a rather unknown vulnerability type affects the code. Different types of security vulnerabilities, sanitization approaches, and user input origins are used in each challenge for a great learning experience. The solution is available at the end of each post. Specifically developers that are new to the security field can learn about various pitfalls and tricks of PHP that are exploited by attackers. You can use our daily challenge to train your security skills and to get fit for 2018.
-
Last Updated: Aug 30, 2018
- by VulnSpy Labs
RIPSTECH PRESENTS PHP SECURITY CALENDAR 是由 RIPS 团队出品的PHP代码安全审计挑战系列题目,RIPSTECH PRESENTS PHP SECURITY CALENDAR 2017 共包含24道题目,每道题目将包含一个较新颖的知识点供大家学习。该教程将使用 VULNSPY 的在线测试环境来演示这系列题目漏洞利用演示。
-
Last Updated: Aug 23, 2018
- by VulnSpy Labs
WordPress 2.3-4.8.3 password reset function directly uses the HTTP_HOST as part of the password reset mail's header, which can be exploited by an attacker to steal the content of the password reset mail.
-
Last Updated: Aug 23, 2018
- by VulnSpy Labs
WordPress 2.3-4.8.3 的找回密码功能在发送找回密码邮件的过程中直接使用 Host 地址作为邮件请求头的一部分,攻击者可利用该功能窃取找回密码邮件内容。
-
Last Updated: Aug 09, 2018
- by VulnSpy Labs
The load-scripts.php file in WordPress does not limit the number and size of files during the loading of JS files, attackers can use this function to deplete server resources and launch denial of service attacks. This article will use VulnSpy's online environment to demonstrate the exploit of this vulnerability.
-
Last Updated: Aug 09, 2018
- by VulnSpy Labs
WordPress 中的 load-scripts.php 文件在载入 JS 文件的过程中未对文件数量和大小进行限制,攻击者可利用该功能耗尽服务器资源发起拒绝服务攻击。本文将使用VulnSpy的在线实验环境来对漏洞进行复现和测试。
-
Last Updated: Jun 27, 2018
- by VulnSpy Labs
WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber criminals. RIPS Team disclosed an Arbitrary File Deletion Vulnerability at Jun. 26, 2018: WARNING: WordPress File Delete to Code Execution
-
Last Updated: Jun 27, 2018
- by VulnSpy Labs
WordPress是如今使用最为广泛的一套内容管理系统。根据 w3tech 统计,全世界大概有30%的网站运行着WordPress程序。昨日RIPS团队公开了一个Wordpress的任意文件删除漏洞(需要登录),目前该漏洞仍然未修复(2018年06月27日),该漏洞影响 Wordpress 最新版 4.9.6.
-
Last Updated: Jun 21, 2018
- by VulnSpy Labs
A new Critical CSRF Vulnerability discovered in widely used phpMyAdmin open source admin tool allows an attacker perform harmful database operation such as DROP TABLE, MODIFY PASSWORD.
-
Last Updated: Jun 21, 2018
- by VulnSpy Labs
ChaMd5安全团队公开了一个phpMyAdmin最新版中的本地文件包含漏洞。该漏洞利用不要求root帐号,只需能够登录 phpMyAdmin 便能够利用。在这篇文章中我们将使用VulnSpy[在线 phpMyAdmin 环境来演示该漏洞的利用。
-
Last Updated: Jun 11, 2018
- by VulnSpy Labs
A new Critical CSRF Vulnerability discovered in widely used phpMyAdmin open source admin tool allows an attacker perform harmful database operation such as DROP TABLE, MODIFY PASSWORD.
-
Last Updated: Jun 10, 2018
- by VulnSpy Labs
phpMyAdmin是个知名MySQL/MariaDB在线管理工具,phpMyAdmin团队在4.7.7版本中修复了一个危害严重的CSRF漏洞 PMASA-2017-9 ,攻击者可以通过诱导管理员访问恶意页面,悄无声息地执行任意SQL语句。
-
Last Updated: Jun 07, 2018
- by VulnSpy Labs
Fiyo CMS, Fix It Your Own~. Fiyo CMS is one of hundreds Content Management System available on the internet. Fiyo CMS is a software that allows a person to add and / or manipulating (changing) the content of a Web site.
-
Last Updated: Jun 05, 2018
- by VulnSpy Labs
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
-
Last Updated: Jun 05, 2018
- by VulnSpy Labs
Typecho is a PHP Blogging Platform. Simple and Powerful. Typecho是一个简单,轻巧的博客程序。基于PHP,使用多种数据库(Mysql,PostgreSQL,SQLite)储存数据。
-
Last Updated: Jun 05, 2018
- by VulnSpy Labs
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
Content hijacking proof-of-concept using Flash, PDF and Silverlight.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. To function, WordPress has to be installed on a web server, which would either be part of an Internet hosting service or a network host in its own right.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
DVWA-WooYun是一个基于DVWA的PHP+Mysql漏洞模拟练习环境,通过将乌云主站上的有趣漏洞报告建模,以插件形式复现给使用该软件的帽子们,可以让乌云帽子们获得读报告体验不到的真实感,在实践的过程中可以无缝隙地深入理解漏洞的原理及利用方式。DVWA-WooYun is a plugin-set for DVWA, with plugins based on wooyun.org real bug reports. DVWA-WooYun is a plugin-set for DVWA , with plugins based on wooyun.org real bug reports.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
SQLI labs to test error based, Blind boolean based, Time based.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
DVWA是用PHP+MySQL编写的一套用于常规Web漏洞教学和检测的Web脆弱性测试程序,包含了SQL注入、XSS、盲注等常见的一些安全漏洞。旨在为安全专业人员测试自己的专业技能和工具提供合法的环境,帮助web开发者更好的理解web应用安全防范的过程。
