漏洞标题 CVE-2023-2813: Wordpress Multiple Themes - Reflected Cross-Site Scripting 漏洞描述 All of the above Aapna WordPress theme through 1.3, Anand WordPress theme through 1.2, A...

漏洞标题 CVE-2017-0929: DotNetNuke (DNN) ImageHandler <9.2.0 - Server-Side Request Forgery 漏洞描述 DotNetNuke (aka DNN) before 9.2.0 suffers from a server-side request forgery ...

漏洞标题 CVE-2018-9206: Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload 漏洞描述 Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload ...

环境 Kali： 192.168.132.131 靶机：192.168.132.146 靶机地址：http://www.vulnhub.com/entry/hacksudo-fog,697/ 一、信息收集 nmap -sP 192.168.132.0/24 nmap -p- -sC -sV 192.168.132.146 g...

漏洞标题 CVE-2017-18505: BestWebSoft's Twitter < 2.55 - Cross-Site Scripting 漏洞描述 The twitter-plugin plugin before 2.55 for WordPress has XSS. PoC代码

漏洞标题 CVE-2020-6308: SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery 漏洞描述 SAP BusinessObjects Business Intelligence Platform (Web Serv...

漏洞标题 CVE-2023-27638: tshirtecommerce PrestaShop Module - SQL Injection 漏洞描述 The tshirtecommerce module for PrestaShop is vulnerable to unauthenticated SQL injection via the...

漏洞标题 CVE-2025-54253: Adobe Experience Manager Forms - Insecure Deserialization 漏洞描述 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration ...

漏洞标题 CVE-2019-10475: Jenkins build-metrics 1.3 - Cross-Site Scripting 漏洞描述 Jenkins build-metrics 1.3 is vulnerable to a reflected cross-site scripting vulnerability that al...

漏洞标题 CVE-2023-5815: News & Blog Designer Pack – WordPress Blog Plugin <= 3.4.1 - Unauthenticated Local File Inclusion 漏洞描述 The News & Blog Designer Pack WordPre...

漏洞标题 CVE-2022-29272: Nagios XI <5.8.5 - Open Redirect 漏洞描述 Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirec...

下载：http://i0x0fy4ibf.feishu.cn/file/boxcnMcajKRWLrwW0s36QUQmEGf 简介： 信息收集 子域名收集 IP段收集 端口扫描 字典的收集与使用优化 字典的获取 通过字典突破的案例 字典的使用与优化 ...

让dirsearch充当爬虫的角色，xray对其传入的流量进行扫描。 xray：xray.exe webscan --listen 127.0.0.1:7776 --html-output reportdatetime.html dirsearch：-L URLLIST, --url-list=URLLIST ...

漏洞标题 CVE-2023-1880: Phpmyfaq v3.1.11 - Cross-Site Scripting 漏洞描述 Phpmyfaq v3.1.11 is vulnerable to reflected XSS in send2friend because the 'artlang' parameter is...

漏洞标题 CVE-2023-27847: PrestaShop xipblog - SQL Injection 漏洞描述 In the blog module (xipblog), an anonymous user can perform SQL injection. Even though the module has been patc...

漏洞标题 CVE-2010-1533: Joomla! Component TweetLA 1.0.1 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the TweetLA (com_tweetla) component 1.0.1 for Joomla!...