|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 66
Members: 0
Total: 66
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Need help with an exploit ! |
|
Posted: Sun Feb 08, 2009 9:34 pm |
|
|
NYDAz |
Advanced user |
|
|
Joined: Jan 26, 2009 |
Posts: 109 |
Location: Valley of the Kings |
|
|
|
|
|
|
|
_________________ A person who never made a mistake never tried anything new. |
|
|
|
|
|
|
|
Posted: Sun Feb 08, 2009 11:59 pm |
|
|
one23 |
Advanced user |
|
|
Joined: Dec 12, 2008 |
Posts: 98 |
|
|
|
|
|
|
|
Which Exploit You're Talking about ?
This CMS Have 3 Vuln Which is
ByPass Admin Login , SQL , XSS
Well , If The Site Was Vulnerable So These
3 Exploits Should Work , If Not , It's Mean Patched !
1. Bypass
With This Exploit You Can Bypass Admin Login
And Login As Admin username !
2. Remote SQL Injection
It's SQL Injection Bug And You Should Insert This Query
In Serach.php [Filed]
---
' union select admin_username,admin_password,3,4,5,6 from mnl_admin/*
---
So You Will Get Admin Username + Password !
3. XSS
Cross Site Scripting ...
Example :
Go inTo search.php And Insert This :
>"><script>alert("One23 @ Waraxe")</script>>
~OR
>"><script><LINK REL="stylesheet" HREF="somefile.CSS"></script>>
and ...
Hope This Help .
Have Fun ^^ |
|
|
|
|
|
|
|
|
Posted: Mon Feb 09, 2009 12:29 am |
|
|
NYDAz |
Advanced user |
|
|
Joined: Jan 26, 2009 |
Posts: 109 |
Location: Valley of the Kings |
|
|
|
|
|
|
Yeah ... I think they're patched
Thanks for the nice tutorial |
|
_________________ A person who never made a mistake never tried anything new. |
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|