Azdgdatingmedium 1 9 3

14-Jun-2016 06:12 by 8 Comments


This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.


Az DGDating Medium Version 1.9.3 CSRF WHICH ALLOWS TO CREATE BACKDOOR ON TARGET

[email protected] screen after successful CSRF attack.

code section: (XSS+CSRF+traversal)
=========================SNIP====================
After successful attack open: DGDating Medium/languages/zh/
CTRL+U you will see whole config + admin password included.
=================================EOF==================================================================

Workaround about XSS vulns: Include it in your php (not tested with this CMS)
====================BEGIN================
','%0d%0a','document.write',',',' Char Code','..','document.cookie','cookie','eval','href','document.location','location.replace','window','onmouse','onblur','onfocus','onerror','\'','limit','javascript');
foreach($commonpatterns as $myvals){
if(stristr(urldecode($_SERVER['QUERY_STRING']),$myvals)){ die('
============================END===================================

Vendor informed about vulns via e-mail.
You will see something like this:
vulns: Same section is also prone to XSS (Cross Site Scripting Vuln)
A) DGDating Medium/admin/index.php?
(Sat, +0500)
Note: May be other versions affected but not tested.

+++++++++As always My Special Thanks to:+++++++
packetstormsecurity.org packetstormsecurity.com packetstormsecurity.net securityfocus.com cxsecurity.ru securtiyvulns.com securitylab.ru 1337day.
&& to all AA Team + to all Azerbaijan Black Hat Z ;)
++++++++++++++++++++++++++++++++++++++++++++++++
Thank you.

do=tedit&c_temp_edit=default&dir=../include/&f=php%00&dir=../include/&f=php
Note: Use null byte.

SQL injection+CSRF: (In eg: to Create Denial Of Service (DOS) Condition)
(BTW, it is a bit hard to exploit it and obtain something useful)
============Az DGDating Medium Version 1.9.3 CSRF+SQL INJECTION exploit========
Vulnerable Code Section: /admin/index.php
=============BEGIN SNIP==============
case 'mess':
if (!
When a POST request is received you check:
csrfcheck($_POST['anticsrftokenize'],$_SESSION['csrftokenize']);
When the tokens do not match I give a warning and, most importantly, stop the script's execution.
/Aka Step**/
function csrfcheck(&$val1,&$val2){
if(! DON'T TOUCH ANYTHING *******************************************/
if($_SERVER['REQUEST_METHOD']==='GET') // we create it on every GET request.
{
$_SESSION['csrftokenize']=sha1(md5(rand(51389,4895615454).md5(time())));
// # debug echo '"; #
/* we create the session. And at the beginning of every script you call the prepareanticsrf(); function.
isset($_SESSION['oldbasecsrf']) || md5($_POST['anticsrftokenize'])!==md5($_SESSION['oldbasecsrf'])){ die('';}
function prepareanticsrf(){
/* ************************** BEOF ANTI CSRF, FOR CHECKING.

source: Azerbaijan Development Az DGDating Medium is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input.

An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site.

is_numeric($lastdays)) $lastdays='0';
$keywords=cb($keywords);
$msortby = " order by id desc";
// Important /////////////
$mid = " id ! C_MYSQL_MESSAGES." WHERE ".$mid.$mfromid.$mtoid.$mlastdays.$mkeywords;
$result = mysql_query($sql) or die(mysql_error());
$tquery = mysql_query($tsql) or die(mysql_error());
$trows = mysql_fetch_array($tquery);
$count = $trows['total'];
if($count == "0") sprintm($w[110]);
$str=$color='';
include_once C_PATH.'/templates/'.C_TEMP.'/forum/smiles.php';
while ($i = mysql_fetch_array($result)) {
$color = ($color == COLOR4) ? COLOR3 : COLOR4;
$senddate=mysql2data($i['sendtime'], 0, 1);
====================EOF SNIP===============

Final notes:
@2 developers of this script: Sorry Guys I can't get it to work with MYSQL 5.5.24 and I'm a bit lazy to edit all problematic sql queries.
To fix CSRF things realize something like this (for $_POST requests)
Same logic also applies to $_GET requests.
=====================BEGIN(I know it is a bit paranoid like me:)===================
and when a POST request is invoked you pass it to the function by reference, as below.

  1. Skinny girl cha lines 03-Oct-2015 01:24

    I and Andrew got divorced through mutual understanding.

  2. best dating website canada 10-May-2016 10:36

    You might be terrified of what your partner will say or do if you tell them. He used to put you up on a pedestal…and now all he does is try to tear you down. From little things to big things, you feel like your partner never listens. They lie about things they don’t need to lie about. They can swear on their life that they are not lying. A healthy person is consistent in the way they treat people, regardless of their status. Your partner has a bad reputation or a tradition of “messy relationships”.

  3. updating business websites 22-Apr-2016 22:18

    This is where dating websites can be a great tool; there are a large amount of online resources available at your fingertips to help make this search a lot easier.