Jump to content

Search the Community

Showing results for tags 'contact manager'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Informatii generale
    • Anunturi importante
    • Bine ai venit
    • Proiecte RST
  • Sectiunea tehnica
    • Exploituri
    • Challenges (CTF)
    • Bug Bounty
    • Programare
    • Securitate web
    • Reverse engineering & exploit development
    • Mobile security
    • Sisteme de operare si discutii hardware
    • Electronica
    • Wireless Pentesting
    • Black SEO & monetizare
  • Tutoriale
    • Tutoriale in romana
    • Tutoriale in engleza
    • Tutoriale video
  • Programe
    • Programe hacking
    • Programe securitate
    • Programe utile
    • Free stuff
  • Discutii generale
    • RST Market
    • Off-topic
    • Discutii incepatori
    • Stiri securitate
    • Linkuri
    • Cosul de gunoi
  • Club Test's Topics
  • Clubul saraciei absolute's Topics
  • Chernobyl Hackers's Topics
  • Programming & Fun's Jokes / Funny pictures (programming related!)
  • Programming & Fun's Programming
  • Programming & Fun's Programming challenges
  • Bani pă net's Topics
  • Cumparaturi online's Topics
  • Web Development's Forum
  • 3D Print's Topics

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


Yahoo


Jabber


Skype


Location


Interests


Occupation


Interests


Biography


Location

Found 1 result

  1. Contact Manager 1.0 - (femail) Parameter SQL Injection Vulnerability Author: Ihsan Sencan | Category: web applications | Platform: php Date add: 18-09-2017 | Risk: [Security Risk High] | 0day-ID: 0day-ID-28566 # # # # # # Exploit Title: Contact Manager 1.0 - SQL Injection # Dork: N/A # Date: 15.09.2017 # Vendor Homepage: http://savsofteproducts.com/ # Software Link: http://www.contactmanagerscript.com/download/contact_manager_1380185909.zip # Demo: http://contactmanagerscript.com/demo/ # Version: 1.0 # Category: Webapps # Tested on: WiN7_x64/KaLiLinuX_x64 # CVE: N/A # # # # # # Exploit Author: Ihsan Sencan # Author Web: http://ihsan.net # Author Social: @ihsansencan # # # # # # Description: # The vulnerability allows an attacker to inject sql commands.... # # Vulnerable Source: # # ............. # <a href="login.php?forgot=1">Forgot Password ?</a> # <?php # if(isset($_REQUEST["forgot"])){ # if($_REQUEST["forgot"]=="2"){ # $result=mysql_query("select * from co_setting where Email='$_REQUEST[femail]' "); # $count=mysql_num_rows($result); # if($count==1) # # { # # $npass=rand("5556","99999"); # # $to = $row['femail']; # $subject = "Password Reset"; # $message = "New Primary Password is: $npass \r\n"; # $headers = "From: $Email"; # # $npass=md5($npass); # # $query="update co_setting set Password='$npass' where Email='$_REQUEST[femail]'"; # mysql_query($query); # ............. # # Proof of Concept: # # http://localhost/[PATH]/login.php?forgot=2&femail=[SQL] # # Etc.. # # # # # # 0day.today [2017-09-18] # Source: 0day.today
×
×
  • Create New...