Today i just found another exploit in the PHP Voting System. The file /admin/candidates_add.php is vulnerable against unauthenticated file upload which can use for RCE. Exploit DB entry: https://www.exploit-db.com/exploits/49846 Vulnerable file candidates_add.php You just need to send a POST with multipart/form-data so you can upload any file you wish. There is no cookie or file […]
Web
PHP Voting System – Admin Authentication Bypass (SQLI)
Today i found a new exploit in the PHP Voting System. Exploit-DB entry: https://www.exploit-db.com/exploits/49843 The /admin/login.php is vulnerable against SQL injections and so you can bypass the admin authentication. login.php As you can see the first check if($query->num_rows < 1)against the username is only checking the number of rows. With the following statement you always […]
Hosting Anbieter im Vergleich
Ein Vergleich von deutschen Webspace und Hosting Anbietern. Viele Jahre hatte ich meine Domains sowie meinen Webspace bei Hosteurope gehostet, auch wenn ich schon seit einiger Zeit wusste, dass Hosteurope nicht der günstigste Anbieter ist, war ich (abgesehen von dem unübersichtlichen KIS Kontrollzentrum) recht zufrieden bei Hosteurope. Nachdem Hosteurope mittlerweile immer noch keine kostenlosen SSL […]
Activello Theme – show all categories
The Activello theme is a simple, clean and free WordPress theme from colorlib. As WordPress usual, you can add one or more categories to your posts. On the start page, the Activello default theme, only displays one of the linked categories from your post. All other categories will be added as a context menu and […]