19 matches found
EUVD-2006-2686
Malware in sbrugna...
PHP AGTC-Membership System <= 1.1a Arbitrary Add-Admin Exploit
No description provided by source. !/usr/bin/perl Note: adduser.php is accessable to a guest/any-user, but if you access through a browser you cant add admin, theres a hidden POST buried in the script, which contains the userlevel. Note: alot of sites run this script and they remove the powered b...
PHP AGTC-Membership System <= 1.1a Arbitrary Add-Admin Exploit
No description provided by source. !/usr/bin/perl Note: adduser.php is accessable to a guest/any-user, but if you access through a browser you cant add admin, theres a hidden POST buried in the script, which contains the userlevel. Note: alot of sites run this script and they remove the "powered...
PHP AGTC-Membership System <= 1.1a Arbitrary Add-Admin Exploit
Exploit for unknown platform in category web applications ============================================================== PHP AGTC-Membership System ; print "\nAdmin Usernamecreate's your admin username: "; chompmy $usr=; print "\nAdmin Passwordcreate's your admin password: "; chompmy $pwd=; my...
PHP-AGTC Membership System 1.1a - Arbitrary Add Admin
!/usr/bin/perl Note: adduser.php is accessable to a guest/any-user, but if you access through a browser you cant add admin, theres a hidden POST buried in the script, which contains the userlevel. Note: alot of sites run this script and they remove the "powered by" dork. Also you can get access t...
Authentication flaw
adduser.php in PHP-AGTC Membership AGTC-Membership System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin userlevel 4 privileges...
CVE-2007-5752
adduser.php in PHP-AGTC Membership AGTC-Membership System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin userlevel 4 privileges...
CVE-2007-5752
adduser.php in PHP-AGTC Membership AGTC-Membership System 1.1a does not require authentication, which allows remote attackers to create accounts via a modified form, as demonstrated by an account with admin userlevel 4 privileges...
CVE-2007-5752
CVE-2007-5752 affects the PHP-AGTC Membership System (AGTC-Membership) 1.1a. The vulnerability is in adduser.php, which does not require authentication, allowing remote attackers to create accounts via a modified form, demonstrated by an account with admin (userlevel 4) privileges. Documented imp...
PHP-AGTC membership system 1.1a Remote Add Admin Exploit
No description provided by source. !-- - Product : AGTC-Membership system - Version : 1.1a - Website : http://www.agtc.co.uk - Author : 0x90 - Homepage: WwW.0x90.CoM.Ar - Contact : Gunsat0x90dotcomdotar - Problem : Admin Added Access. -- form name="form1" method="post"...
PHP-AGTC Membership System 1.1a - Remote Add Admin
PHP-AGTC Membership System 1.1a - Remote Add Admin AGTC-Membership system v1.1a adduser Remote Add Admin Exploit User Name: Password: Email Address: milw0rm.com 2007-10-30...
PHP-AGTC membership system 1.1a Remote Add Admin Exploit
Exploit for unknown platform in category web applications ======================================================== PHP-AGTC membership system 1.1a Remote Add Admin Exploit ======================================================== AGTC-Membership system v1.1a adduser Remote Add Admin Exploit User...
PHP-AGTC Membership System 1.1a - Remote Add Admin
AGTC-Membership system v1.1a adduser Remote Add Admin Exploit User Name: Password: Email Address: milw0rm.com 2007-10-30...
agtc-addadmin.txt
AGTC-Membership system v1.1a adduser Remote Add Admin Exploit User Name: Password: Email Address:...
AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit
!-- - Product : AGTC-Membership system - Version : 1.1a - Website : http://www.agtc.co.uk - Author : 0x90 - HomePage : WwW.0x90.CoM.Ar - Contact : Gunsat0x90dotcomdotar - Problem : Admin Added Access. -- form name="form1" method="post" action="http://target/adduser.php" h3...
Cross site scripting
Cross-site scripting XSS vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address useremail parameter...
CVE-2006-2687
Cross-site scripting XSS vulnerability in adduser.php in PHP-AGTC Membership System 1.1a and earlier allows remote attackers to inject arbitrary web script or HTML via the email address useremail parameter...
CVE-2006-2687
CVE-2006-2687 is a cross-site scripting (XSS) vulnerability in adduser.php of the PHP-AGTC Membership System, affecting version 1.1a and earlier. The issue allows remote attackers to inject arbitrary web script or HTML via the email address parameter (useremail). NVD metrics assign a medium base ...
PHP AGTC-Membership system <= v1.1a XSS
PHP AGTC-Membership system = v1.1a XSS Discovered by: Nomenumbra Date: 23/5/2006 impact:moderate privilege escalation,possible defacement Ordinary users can add users to the user management system as well, or change their own email address, which isn't properly sanitized, thus allowing XSS as...