Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[KAPDA::#46] - Nukedit Unauthorized Admin Add

from [farhadkey] Network Security [Permanent Link]
Subject: [KAPDA::#46] - Nukedit Unauthorized Admin Add
Date: 29 May 2006 19:09:53 -0000 
[KAPDA::#46] - Nukedit Unauthorized Admin Add

KAPDA New advisory

Vulnerable product : Nukedit <= 4.9.6
Vendor: http://www.nukedit.com
Vulnerability: Unauthorized Admin Add

Date :
--------------------
Found : 2006/05/10
Vendor Contacted : N/A
Release Date : 2006/05/29

About Nukedit :
--------------------
Nukedit is a Content Management System (CMS).

Vulnerable page:
--------------------
utilities/register.asp

PoC:
--------------------
HTML PoC : http://kapda.ir/attach-1661-nukedit.txt
Save this code as .htm and then execute.
This exploit will create an admin acount .
Then login with your email ! + your password .

Solution:
--------------------
Update to new version of nukedit .

Original Advisory:
--------------------
http://www.kapda.ir/advisory-337.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> net
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [KAPDA::#46] - Nukedit Unauthorized Admin Add, farhadkey <=
Previous by Date:  WikiNi Persistent Cross Site Scripting Vulnerability, raphael . huck
Next by Date:  Re: LM hashes in a hot-desking environment, The Little Prince
Previous by Thread:  WikiNi Persistent Cross Site Scripting Vulnerability, raphael . huck
Next by Thread:  [Full-disclosure] Backdoor in RelevantKnowledge adware (What are we fighting for?), 3APA3A
Indexes:  [Date] [Thread] [Top] [All Lists]