TCPDB version 3.8 Add Admin Exploit

vendor:

TCPDB

by:

Mr.tro0oqy

7,5

CVSS

HIGH

Add Admin Exploit

264

CWE

Product Name: TCPDB

Affected Version From: 3.8

Affected Version To: 3.8

Patch Exists: Yes

Related CWE: N/A

CPE: tcpdb

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

TCPDB version 3.8 Add Admin Exploit

TCPDB version 3.8 is vulnerable to an Add Admin Exploit. An attacker can exploit this vulnerability by going to the user page and adding an admin. The demo page for this exploit is http://www.tcpdb.com/demo/user.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

=======================================================
+++++++++++++++++++ information +++++++++++++++++++++++
=======================================================
[+] Script :TCPDB version 3.8 Add Admin Exploit

[+] Download : http://www.tcpdb.com/modules.php?name=Downloads&d_op=viewdownload&cid=2

[+] Found by : Mr.tro0oqy
   
[+] C0ntact : t.4@windowslive.com <Yemeni ana>
=======================================================
+++++++++++++++++++++++ Exploit +++++++++++++++++++++++
=======================================================
step 1 : go to 

http://localhost/path/user


step 2 : add admin


=======================================================
++++++++++++++++++++++ Demo +++++++++++++++++++++++++
=======================================================


http://www.tcpdb.com/demo/user

=======================================================
++++++++++++++++++++++ Greetz +++++++++++++++++++++++++
=======================================================
ThE g0bL!N - spyboy - red virus - virus_hima

all my Friends

# milw0rm.com [2009-05-07]