##############################################################################
# #
# ...:::::Blogator-script 0.95 Change User Password Vulnerbility ::::.... #
##############################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
Discoverd By :virangar security team(hadihadi)
special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra
& all virangar members & all hackerz
vuln code in /_blogadata/include/init_pass2.php:
line 23: $id=$_GET['a'];
line 24:$email=$_GET['b'];
line 25: $mdp=$_GET['c'];
β¦
line 27: $sql_change_pass=mysql_query("UPDATE membre SET pass = '$mdp' WHERE id_membre = '$id' AND email LIKE '$email'
LIMIT 1");