--==+================================================================================+==--

--==+ Prozilla Top 100 1.2 Arbitrary Delete Stats Vulnerability +==--

--==+================================================================================+==--

Discovered By: t0pP8uZz & xprog

Discovered On:

Script Download: http://prozilla.net

DORK: inurl:"list.php?c=" top 100

Vendor Has Not Been Notified!

DESCRIPTION:

Prozilla Top 100 1.2 is vulnerable because it performs very poor validation of its $_GET parameters.
This allows a remote attacker to delete the stats of any user of their choice,
thereby pushing whichever site they want to the top of the list.

Vulnerability:

http://site.com/delete.php?s=[id]

NOTE/TIP:

Replace [id] with the actual site id you want to reset the stats for.
You must first register and log in for this to work. Note that it will delete your user account too.

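As an added illustration of the missing check (example code written for this page, not Prozilla's own), here is a delete.php that only resets stats for a site owned by the logged-in user; the config.php include, the $db PDO handle, and the table and column names (sites, id, owner_id, hits_in, hits_out) are assumptions:

```php
<?php
// Added example, not Prozilla's code. Assumptions: config.php provides a PDO
// handle in $db; table `sites` has columns id, owner_id, hits_in, hits_out.
declare(strict_types=1);
session_start();
require __DIR__ . '/config.php';

// The original script already required a login. That alone is the flaw the
// advisory describes: any logged-in user could pass someone else's id in ?s=.
if (empty($_SESSION['user_id'])) {
    http_response_code(403);
    exit('login required');
}

// A state-changing action should not be triggerable by a bare GET link:
// require POST plus a per-session CSRF token.
if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !hash_equals($_SESSION['csrf'] ?? '', (string) ($_POST['csrf'] ?? ''))) {
    http_response_code(400);
    exit('bad request');
}

// Validate the id as a positive integer instead of using the raw string.
$siteId = filter_input(INPUT_POST, 's', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($siteId === false || $siteId === null) {
    http_response_code(400);
    exit('invalid site id');
}

// Authorization check: the WHERE clause ties the row to the current user,
// so a foreign site id matches nothing and no stats are touched.
$stmt = $db->prepare(
    'UPDATE sites SET hits_in = 0, hits_out = 0 WHERE id = :id AND owner_id = :owner'
);
$stmt->execute([':id' => $siteId, ':owner' => (int) $_SESSION['user_id']]);

if ($stmt->rowCount() === 0) {
    http_response_code(404);
    exit('no such site for this account');
}
echo 'stats reset';
```

The ownership condition in the query is the part the vulnerable version lacks; the POST/CSRF requirement additionally stops the deletion from being triggered by a link a victim is tricked into following.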
GREETZ: milw0rm.com, h4ck-y0u.org, CipherCrew!

# milw0rm.com [2008-04-06]