Scripts

列表

TYPE	SCRIPT	DESCRIPTION
phpcms	v960_sqlinject_getpasswd	phpcmsv9.6.0 wap模块 sql注入 获取passwd
icms	v701_sqlinject_getadmin	icmsv7.0.1 admincp.php sql注入 后台任意登陆 admin权限
discuz	v34_delete_arbitary_files	discuz ≤ v3.4 任意文件删除
beecms	v40_fileupload_getshell	beecms ≤ V4.0_R_20160525 文件上传漏洞 getshell
semcms	v23_sqlinject_getadmin	semcms ≤ V2.3 sql注入 后台任意登陆 admin权限
joomla	v370_sqlinject_getuser	Joomla v3.7.0 sql注入 com_fields组件
drupal	v833_yamlseria_getshell	Drupal ≤ v8.3.3 yaml反序列化 远程命令执行漏洞 getshell
phpoko	v47_fileupload_getshell	phpok ≤ v4.7 文件上传漏洞 getshell
seascms	v655_eval_getshell	seacms ≤ v6.5.5 eval过滤不当 任意代码执行漏洞 getshell
seascms	v654_eval_getshell	seacms ≤ v6.5.4 eval过滤不当 任意代码执行漏洞 getshell
seascms	v654_eval_getshell	seacms ≤ v6.5.4 eval过滤不当 任意代码执行漏洞 getshell
niushop	v111_fileupload_getshell	niushop ≤ v1.1.1 文件上传漏洞 getshell
exponent	v238_fileupload_getshell	exponent≤ v2.3.8 文件上传漏洞 getshell CVE-2016-7095
exponent	v239_install_getshell	exponent≤ v2.3.9 配置文件写入漏洞 getshell CVE-2016-7565
tpshop	v208_preview_getshell	tpshop ≤ v2.0.8 preview页面 getshell
fiyocms	v207_fileupload_getshell	fiyocms≤ v2.0.7 文件上传漏洞 getshell CVE-2017-7625
fiyocms	v207_fileread_getconfig	fiyocms≤ v2.0.7 任意文件读取漏洞 获取config.php信息 CVE-2017-17104
duomicms	v132_sqlinject_getpasswd	duomicms≤ v1.3.2 sql注入 获取passwd
zzcms	v81_sqlinject_getpasswd	zzcms≤ v8.1 sql注入 获取passwd

分类

phpcms

• v960_sqlinject_getpasswd

discuz

• v34_delete_arbitary_files

icms

• v701_sqlinject_getadmin

beecms

• v40_fileupload_getshell

semcms

• v23_sqlinject_getadmin

joomla

• v370_sqlinject_getuser

drupal

• v833_yamlseria_getshell

phpok

• v47_fileupload_getshell

seacms

• v655_eval_getshell
• v654_eval_getshell
• v645_eval_getshell

niushop

• v111_fileupload_getshell

exponent

• v238_fileupload_getshell
• v239_install_getshell

tpshop

• v208_preview_getshell

duomicms

• v132_sqlinject_getpasswd

fiyocms

• v207_fileupload_getshell
• v207_fileread_getconfig

zzcms

• v81_sqlinject_getpasswd