MYSTERY ZILLION တွင် English သို့မဟုတ် Unicode ဖြင့်သာ အသုံးပြုခွင့်ရှိသည်။ ဇော်ဂျီ ၊ ဧရာ စသည်တို့ကို အသုံးပြုခွင့် မရှိ။ Unicode fonts များမှာ Mon3,Yunghkio, Myanamr3 စသည်များ အသုံးပြုနိုင်သည်။ Unicode Guide ကို ဒီမှာ Download ချပါ။ Zawgyi to Unicode Converter
Don't share ebook or software if nobody request. You can find free book websites on here. We are welcome for discussion or asking question instead.

Some Hole in MZ

edited April 2009 in Project
ကိုစေတန်၏ Ornagai လည်း မှားပြီး နာမည်ကျော်ပါစေဟု ဆုတောင်းမိသည်။

aah...!
dun wish to become a fighting post


so, lemme tell abt the vulns of mz

for the first, althought the mz forum transfers the user login credentials with the encodings, phproxy transfers with the plain text. so, it can be consider that as a vulnerability

for the second, mz dun check the duplication error and it can lead to the huge attack.

for the third, mzedu doesn't restrict the directories with .htaccess properly and the attacker can search for the exploits easily

for the fourth, mz also uploaded the mmglite.
i'd like to advise that mz should remove the mmglite coz it has tons of vulnerablities such as xss, shell execution etc....
i can make the demonstration but i think that i shouldn't make it coz the attackers would take advantages via these vulns and that's why i won't go for detail and i know that most of the ppls hate me (infofreakz) and istein:2:. moreover, there're some other members who will take their advantages via the members of mz. in this cas, i dun wish to mention with byname.

as the conclusion, i deeply hope that the admins and mods will fix these multiple vulnerabilities.:)

Remark
any suggestions are welcomed and if the administrators and moderators can edit or deny my post if it is necessary:)
(if icefire edit my post, i must claim)

မှတ်ချက်များ

  • edited April 2009 Registered Users
    here's the one of vuln of mmglite and i captured the img
    but, i sensored the pages and varialbles coz the attacker would take the advantage via this vuln. I've already informed to saturn and hopefully that he'll fix these multiple vulns.
    e2f059180e.jpg

    if u would like to see the image direct link, u can go to
    http://www.freeimagehosting.net/uploads/e2f059180e.jpg
  • edited April 2009 Administrators
    you should make new thread :)
    I will remove mmglite soon....
  • edited April 2009 Registered Users
    saturngod wrote: »
    you should make new thread :)
    I will remove mmglite soon....


    ok saturn, after u hav removed the mmglite, i'd like to make the demonstration how the attackers can perform the attacks and hijack the gmail accounts via the vulns of mmglite. i'd like to make this demonstration coz now, i found the ppls frm myanmar r weak in security knowledge coz as u see in today, most of the ppls dun know the several attacks even what the SQL injection is.:2:

    so, if i have the chance to make the demonstration, i'd like to share these knowledges to the others to prevent from the hijackings from the attackers.
    so if possible, pls upload mmglite in any free hostings and pls send me the source code of mmglite (i can't coz my connection is deadly deadly deadly slow:2:).
Sign In or Register to comment.