JobHut = 1.2 (manageUsers) Remote password change Vulnerability

vendor:

JobHut

by:

ThE g0bL!N

8.8

CVSS

HIGH

Remote password change

264

CWE

Product Name: JobHut

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: Yes

Related CWE: N/A

CPE: jobhut

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

JobHut = 1.2 (manageUsers) Remote password change Vulnerability

A vulnerability in JobHut version 1.2 allows an attacker to remotely change the password and email of a user. The exploit can be accessed through the manageUser.php page in the administration folder.

Mitigation:

Upgrade to the latest version of JobHut, or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

--------------------------------------------------
JobHut = 1.2 (manageUsers) Remote password change  Vulnerability
----------------------------------------------------
founder : ThE g0bL!N
Script Download: http://jobhut.spranger.us/
version:<= 1.2
thx: to K-159 for 1 exploit
------------------------------------------------
exploit:
-------
http://localhost/administration/manageUser.php
and change pass and email

-------------------------------------------------------
Thnx:Dos-Dz Team Snakes TeaM
------------------------------------------------------
WWW.h4ckf0ru.com
---------------------------------------------------------
mission complete
---------------------------------------------------------

# milw0rm.com [2009-03-31]