-
Last Updated: Dec 14, 2018
- by VulnSpy Labs
Many posts have pointed out that a malicious MySQL server can use the LOAD DATA LOCAL command to read arbitrary files from MYSQL clients. According to this article (chinese) phpMyAdmin开启远程登陆导致本地文件读取, We can read arbitrary file on phpMyAdmin server if $cfg['AllowArbitraryServer'] enabled.
-
Last Updated: Dec 14, 2018
- by VulnSpy Labs
有许多文章指出一个恶意的 MySQL 服务器可以利用LOAD DATA LOCAL命令来读取MYSQL客户端的任意文件。根据这篇公开的文章phpMyAdmin开启远程登陆导致本地文件读取,我们知道 phpMyAdmin 在AllowArbitraryServer开启(允许连接到任意MySQL服务器)的情况下(如云主机/云数据库提供商),可以利用该缺陷来读取phpMyAdmin服务器上的文件。
-
Last Updated: Dec 13, 2018
- by VulnSpy Labs
2018年12月07日 phpMyAdmin 发布安全公告PMASA-2018-6修复了一个由Transformation特性引起的本地文件读取漏洞,影响4.8.0~4.8.3版本,CVE编号CVE-2018-19968。Transformation是phpMyAdmin中的一个高级功能,通过Transformation可以对每个字段的内容使用不同的转换,每个字段中的内容将被预定义的规则所转换。比如我们有一个存有文件名的字段 ‘Filename’,正常情况下 phpMyAdmin 只会将路径显示出来。但是通过Transformation我们可以将该字段转换成超链接,我们就能直接在 phpMyAdmin 中点击并在浏览器的新窗口中看到这个文件。
-
Last Updated: Dec 13, 2018
- by VulnSpy Labs
On December 07, 2018, phpMyAdmin released a security bulletin PMASA-2018-6 to fix a local file reading vulnerability caused by the Transformation feature. The transformation feature from PHPMyAdmin allows to have a specific display for some columns when selecting them from a table. For example, it can transform links in text format to clickable links when rendering them.
-
Last Updated: Dec 10, 2018
- by VulnSpy Labs
ThinkPHP官方2018年12月9日发布重要的安全更新,修复了一个严重的远程代码执行漏洞。该更新主要涉及一个安全更新,由于框架对控制器名没有进行足够的检测会导致在没有开启强制路由的情况下可能的getshell漏洞,受影响的版本包括5.0和5.1版本,推荐尽快更新到最新版本。
-
Last Updated: Oct 23, 2018
- by VulnSpy Labs
jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. The project was recently reported to have a three-year-old arbitrary file upload vulnerability that was fixed in the release of v9.22.2, but another serious command execution vulnerability was found in the VulnSpy team’s review of the code, this vulnerability allows attackers to execute arbitrary system commands by uploading malicious picture files.
-
Last Updated: Oct 23, 2018
- by VulnSpy Labs
jQuery-File-Upload 是 Github 上继 jQuery 之后最受关注的 jQuery 项目,该项目最近被披露出一个存在了长达三年之久的任意文件上传漏洞,该漏洞在随后发布的 v9.22.2 版本中被修复,但是在 VulnSpy 团队对代码的复查中发现了另外一个严重的命令执行漏洞,该漏洞允许攻击者通过上传恶意的图片文件来执行任意系统命令。
-
Last Updated: Oct 22, 2018
- by VulnSpy Labs
jQuery-File-Upload is the second most starred jQuery project on GitHub, after the jQuery framework itself. For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers. Remote code execution vulnerability in the PHP component
-
Last Updated: Oct 22, 2018
- by VulnSpy Labs
jQuery-File-Upload 是 GitHub 上排名第二的 jQuery 项目,jQuery-File-Upload在9.22.1以下版本存在任意文件上传漏洞,据消息该漏洞已经被广泛利用了三年之久。
-
Last Updated: Oct 20, 2018
- by VulnSpy Labs
Libssh Authentication Bypass Vulnerability (CVE-2018-10933)
-
Last Updated: Oct 20, 2018
- by VulnSpy Labs
Libssh 登录绕过漏洞利用 (CVE-2018-10933)
-
Last Updated: Oct 20, 2018
- by VulnSpy Labs
c0ny1/upload-labs是一个帮你总结所有类型的上传漏洞的靶场
-
Last Updated: Sep 02, 2018
- by VulnSpy Labs
2018年9月1日,阿里云态势感知发布预警,近日利用ECShop全系列版本的远程代码执行漏洞进行批量化攻击量呈上升趋势,该漏洞可直接导致网站服务器沦陷,黑客可通过WEB攻击直接获得服务器权限,利用简单且危害较大。
-
Last Updated: Sep 02, 2018
- by VulnSpy Labs
2018年9月1日,阿里云态势感知发布预警,近日利用ECShop全系列版本的远程代码执行漏洞进行批量化攻击量呈上升趋势,该漏洞可直接导致网站服务器沦陷,黑客可通过WEB攻击直接获得服务器权限,利用简单且危害较大。
-
Last Updated: Aug 31, 2018
- by VulnSpy Labs
Discuz! X1.5 to X2.5's database backup function in file source/admincp/admincp_db.php allows remote attackers to execute arbitrary PHP code.
-
Last Updated: Aug 31, 2018
- by VulnSpy Labs
Discuz! X1.5 to X2.5 数据库备份功能文件 source/admincp/admincp_db.php 存在命令注入漏洞,允许攻击者通过该漏洞执行任意系统命令。
-
Last Updated: Aug 30, 2018
- by VulnSpy Labs
RIPSTECH PRESENTS PHP SECURITY CALENDAR 是由 RIPS 团队出品的PHP代码安全审计挑战系列题目,RIPSTECH PRESENTS PHP SECURITY CALENDAR 2017 共包含24道题目,每道题目将包含一个较新颖的知识点供大家学习。该教程将使用 VULNSPY 的在线测试环境来演示这系列题目漏洞利用演示。
-
Last Updated: Aug 30, 2018
- by VulnSpy Labs
RIPSTECH PHP security challenges, each challenge consists of a new PHP code snippet for your review. Within these code snippets a different security vulnerability is hidden. Sometimes the security risk is obvious but seems to be patched, sometimes a rather unknown vulnerability type affects the code. Different types of security vulnerabilities, sanitization approaches, and user input origins are used in each challenge for a great learning experience. The solution is available at the end of each post. Specifically developers that are new to the security field can learn about various pitfalls and tricks of PHP that are exploited by attackers. You can use our daily challenge to train your security skills and to get fit for 2018.
-
Last Updated: Aug 22, 2018
- by VulnSpy Labs
WordPress 2.3-4.8.3 password reset function directly uses the HTTP_HOST as part of the password reset mail's header, which can be exploited by an attacker to steal the content of the password reset mail.
-
Last Updated: Aug 22, 2018
- by VulnSpy Labs
WordPress 2.3-4.8.3 的找回密码功能在发送找回密码邮件的过程中直接使用 Host 地址作为邮件请求头的一部分,攻击者可利用该功能窃取找回密码邮件内容。
-
Last Updated: Aug 09, 2018
- by VulnSpy Labs
WordPress 中的 load-scripts.php 文件在载入 JS 文件的过程中未对文件数量和大小进行限制,攻击者可利用该功能耗尽服务器资源发起拒绝服务攻击。本文将使用VulnSpy的在线实验环境来对漏洞进行复现和测试。
-
Last Updated: Aug 09, 2018
- by VulnSpy Labs
The load-scripts.php file in WordPress does not limit the number and size of files during the loading of JS files, attackers can use this function to deplete server resources and launch denial of service attacks. This article will use VulnSpy's online environment to demonstrate the exploit of this vulnerability.
-
Last Updated: Jun 27, 2018
- by VulnSpy Labs
WordPress is the most popular CMS on the web. According to w3tech, it is used by approximately 30% of all websites. This wide adoption makes it an interesting target for cyber criminals. RIPS Team disclosed an Arbitrary File Deletion Vulnerability at Jun. 26, 2018: WARNING: WordPress File Delete to Code Execution
-
Last Updated: Jun 27, 2018
- by VulnSpy Labs
WordPress是如今使用最为广泛的一套内容管理系统。根据 w3tech 统计,全世界大概有30%的网站运行着WordPress程序。昨日RIPS团队公开了一个Wordpress的任意文件删除漏洞(需要登录),目前该漏洞仍然未修复(2018年06月27日),该漏洞影响 Wordpress 最新版 4.9.6.
-
Last Updated: Jun 20, 2018
- by VulnSpy Labs
ChaMd5安全团队公开了一个phpMyAdmin最新版中的本地文件包含漏洞。该漏洞利用不要求root帐号,只需能够登录 phpMyAdmin 便能够利用。在这篇文章中我们将使用VulnSpy[在线 phpMyAdmin 环境来演示该漏洞的利用。
-
Last Updated: Jun 20, 2018
- by VulnSpy Labs
A new Critical CSRF Vulnerability discovered in widely used phpMyAdmin open source admin tool allows an attacker perform harmful database operation such as DROP TABLE, MODIFY PASSWORD.
-
Last Updated: Jun 10, 2018
- by VulnSpy Labs
A new Critical CSRF Vulnerability discovered in widely used phpMyAdmin open source admin tool allows an attacker perform harmful database operation such as DROP TABLE, MODIFY PASSWORD.
-
Last Updated: Jun 10, 2018
- by VulnSpy Labs
phpMyAdmin是个知名MySQL/MariaDB在线管理工具,phpMyAdmin团队在4.7.7版本中修复了一个危害严重的CSRF漏洞 PMASA-2017-9 ,攻击者可以通过诱导管理员访问恶意页面,悄无声息地执行任意SQL语句。
-
Last Updated: Jun 07, 2018
- by VulnSpy Labs
Fiyo CMS, Fix It Your Own~. Fiyo CMS is one of hundreds Content Management System available on the internet. Fiyo CMS is a software that allows a person to add and / or manipulating (changing) the content of a Web site.
-
Last Updated: Jun 05, 2018
- by VulnSpy Labs
OWASP Juice Shop is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
Typecho is a PHP Blogging Platform. Simple and Powerful. Typecho是一个简单,轻巧的博客程序。基于PHP,使用多种数据库(Mysql,PostgreSQL,SQLite)储存数据。
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
Content hijacking proof-of-concept using Flash, PDF and Silverlight.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
WordPress is a free and open-source content management system (CMS) based on PHP and MySQL. To function, WordPress has to be installed on a web server, which would either be part of an Internet hosting service or a network host in its own right.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
DVWA-WooYun是一个基于DVWA的PHP+Mysql漏洞模拟练习环境,通过将乌云主站上的有趣漏洞报告建模,以插件形式复现给使用该软件的帽子们,可以让乌云帽子们获得读报告体验不到的真实感,在实践的过程中可以无缝隙地深入理解漏洞的原理及利用方式。DVWA-WooYun is a plugin-set for DVWA, with plugins based on wooyun.org real bug reports. DVWA-WooYun is a plugin-set for DVWA , with plugins based on wooyun.org real bug reports.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
SQLI labs to test error based, Blind boolean based, Time based.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
Damn Vulnerable Web App (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goals are to be an aid for security professionals to test their skills and tools in a legal environment, help web developers better understand the processes of securing web applications and aid teachers/students to teach/learn web application security in a class room environment.
-
Last Updated: Jun 04, 2018
- by VulnSpy Labs
DVWA是用PHP+MySQL编写的一套用于常规Web漏洞教学和检测的Web脆弱性测试程序,包含了SQL注入、XSS、盲注等常见的一些安全漏洞。旨在为安全专业人员测试自己的专业技能和工具提供合法的环境,帮助web开发者更好的理解web应用安全防范的过程。
