Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.


https://github.com/SecWiki/CMS-Hunter

A collection of CMS vulnerability test cases

cms-hunter joomla phpcms wordpress

Last synced: about 2 months ago

# CMS-Hunter

### Introduction

Content Management System Vulnerability Hunter

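> Note: For now, this project will be maintained long-term. If you have suggestions or ideas for changes, feel free to contact the authors.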

***

### CMS Vulnerability List

#### Discuz

- [Discuz <3.4 birthprovince front-end arbitrary file deletion](Discuz/Discuz_<3.4_birthprovince_前台任意文件删除)

#### DedeCMS

- [DedeCMS v5.7 shops_delivery stored XSS](DedeCMS/DedeCMS_v5.7_shops_delivery_存储型XSS)
- [DedeCMS v5.7 carbuyaction stored XSS](DedeCMS/DedeCMS_v5.7_carbuyaction_存储型XSS)
- [DedeCMS v5.7 friend links CSRF GetShell](DedeCMS/DedeCMS_v5.7_友情链接CSRF_GetShell)
- [DedeCMS V5.7 SP2 back-end code execution vulnerability](/DedeCMS/DedeCMS%20V5.7%20SP2后台存在代码执行漏洞)

#### Drupal

- [Drupal remote code execution vulnerability (CVE-2017-6920)](Drupal/Drupal远程代码执行漏洞(CVE-2017-6920))

#### FineCMS

- [FineCMS latest version 5.0.8: two getshell issues](https://github.com/SecWiki/CMS-Hunter/tree/master/FineCMS/FineCMS%E6%9C%80%E6%96%B0%E7%89%885.0.8%E4%B8%A4%E5%A4%84getshell)

#### Joomla!

- [Joomla 3.7.0 SQL injection (CVE-2017-8917)](Joomla/Joomla_3.7.0_SQL注入(CVE-2017-8917))
- [Joomla 3.4.4-3.6.3 unauthorized creation of privileged users (CVE-2016-8869)](Joomla/Joomla_3.4.4-3.6.3_未授权创建特权用户(CVE-2016-8869))

#### Metinfo

- [Multiple MetInfo vulnerabilities](/Metinfo/MetInfo%20V5.1.7)

#### Seacms

- [SeaCMS v6.45 front-end Getshell code execution](https://github.com/SecWiki/CMS-Hunter/tree/master/seacms/SeaCMS%20v6.45%E5%89%8D%E5%8F%B0Getshell%20%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C)
- [seacms 6.54 code execution](https://github.com/SecWiki/CMS-Hunter/tree/master/seacms/seacms6.54%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C)
- [seacms 6.55 code execution](https://github.com/SecWiki/CMS-Hunter/tree/master/seacms/seacms%206.55%20%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C)
- [seacms 6.61 XSS](https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms661.md)
- [Seacms 6.61 back-end getshell](https://github.com/SecWiki/CMS-Hunter/blob/master/seacms/seacms6.61/seacms.md)

#### Struts

- [S2-048 (CVE-2017-9791)](Struts/S2-048(CVE-CVE-2017-9791))

#### ThinkPHP

- [ThinkPHP 3.2.3-5.0.10 cache function design flaw](ThinkPHP/ThinkPHP_3.2.3-5.0.10_缓存函数设计缺陷)

#### ThinkSNS

- [ThinkSNS V4 back-end arbitrary file download leading to Getshell](/ThinkSNS/ThinkSNS_V4)

#### WordPress

- [WordPress 4.4 SSRF](WordPress/WordPress_4.4_SSRF)
- [WordPress 4.7 Info Disclosure](WordPress/WordPress_4.7_Info_Disclosure)
- [WordPress 4.7.0-4.7.1 unauthorized content injection](WordPress/WordPress_4.7.0-4.7.1_未授权内容注入)
- [WordPress <= 4.9.6 arbitrary file deletion vulnerability](https://github.com/SecWiki/CMS-Hunter/blob/master/WordPress/Wordpress%20%3C%3D%204.9.6%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E/Wordpress%20%3C%3D%204.9.6%20%E4%BB%BB%E6%84%8F%E6%96%87%E4%BB%B6%E5%88%A0%E9%99%A4%E6%BC%8F%E6%B4%9E.md)

#### PHPCMS

- [PHPCMS v9.6.0 SQL injection](PHPCMS/PHPCMS_v9.6.0_SQL注入)
- [PHPCMS v9.6.0 arbitrary file upload](PHPCMS/PHPCMS_v9.6.0_任意文件上传)
- [PHPCMS v9.6.1 arbitrary file download](PHPCMS/PHPCMS_v9.6.1_任意文件下载)
- [PHPCMS v9.6.2 arbitrary file download](PHPCMS/PHPCMS_v9.6.2_任意文件下载)

#### WebLogic

- [CVE-2017-3506 & CVE-2017-10271 XmlDecoder](https://github.com/SecWiki/CMS-Hunter/tree/master/WebLogic/CVE-2017-3506%20%26%20CVE-2017-10271)
- [CVE-2018-2628 T3 Deserialize](https://github.com/SecWiki/CMS-Hunter/tree/master/WebLogic/CVE-2018-2628)
- [CVE-2018-2628 bypassing CVE-2018-2893 T3 Deserialize](https://github.com/SecWiki/CMS-Hunter/tree/master/WebLogic/CVE-2018-2893)

### Project Maintainers

+ **ourren** (Sina Weibo @ourren)
+ **Anka9080** (Sina Weibo @Anka9080)
+ **sie504**
+ **Bearcat**

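### Disclaimer

Do not use this project for illegal purposes; the project bears no responsibility for any serious consequences that result.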

### Reference Links

- [CxSecurity](https://cxsecurity.com)
- [Seebug](https://www.seebug.org/)

### Reposting

When reposting, please credit the source: https://github.com/SecWiki/CMS-Hunter

### Contributions

Additions and improvements are welcome: [email protected]

©SecWiki 2017