|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[KAPDA::#46] - Nukedit Unauthorized Admin Add
farhadkey
kapda.ir
Date: Mon May 29 2006 - 14:09:53 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[KAPDA::#46] - Nukedit Unauthorized Admin Add
KAPDA New advisory
Vulnerable product : Nukedit <= 4.9.6
Vendor: http://www.nukedit.com
Vulnerability: Unauthorized Admin Add
Date :
--------------------
Found : 2006/05/10
Vendor Contacted : N/A
Release Date : 2006/05/29
About Nukedit :
--------------------
Nukedit is a Content Management System (CMS).
Vulnerable page:
--------------------
utilities/register.asp
PoC:
--------------------
HTML PoC : http://kapda.ir/attach-1661-nukedit.txt
Save this code as .htm and then execute.
This exploit will create an admin acount .
Then login with your email ! + your password .
Solution:
--------------------
Update to new version of nukedit .
Original Advisory:
--------------------
http://www.kapda.ir/advisory-337.html
Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> net
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]