qcred11
QUOTE


A vulnerability was reported in Baal Smart Form. A remote user can gain administrative access to the application.

It is reported that a remote user can exploit a flaw in the 'Admin Change Password' page to change the administrative password and then log in with that password to gain administrative access.

A demonstration exploit URL is provided:

http://[target]/baalsmartform/regadmin.php

Impact: A remote user can change the administrative password to an arbitrary value and then log in using the new password.

Kynroxes
w00w00 nice human flaw !!
the malicious .php in order to reg the admin lol ...
thx qcred11 for all ...
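
For the advisory quoted in the first post, a log check an administrator could run to see whether anyone outside the admin team has requested regadmin.php. This is an added example, not part of the thread or of Baal Smart Form; the combined access-log format, the admin IP allowlist and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict
from posixpath import normpath
from urllib.parse import unquote, urlsplit

TARGET_SCRIPT = "regadmin.php"  # script named in the advisory

# Assumed log layout: Apache/Nginx "combined" format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2005:09:00:01 +0000] "GET /baalsmartform/regadmin.php HTTP/1.1" 200 812 "-" "-"
198.51.100.7 - - [12/Mar/2005:09:14:40 +0000] "GET /baalsmartform/index.php HTTP/1.1" 200 4410 "-" "-"
198.51.100.7 - - [12/Mar/2005:09:14:52 +0000] "GET /baalsmartform/%72egadmin.php HTTP/1.1" 200 812 "-" "-"
198.51.100.7 - - [12/Mar/2005:09:15:03 +0000] "POST /baalsmartform/./RegAdmin.php?x=1 HTTP/1.1" 302 0 "-" "-"
203.0.113.5 - - [12/Mar/2005:10:02:11 +0000] "GET /regadmin.php HTTP/1.1" 404 209 "-" "-"
""".splitlines()

def targets_script(target):
    """True if any component of the decoded, normalised path is the script."""
    path = normpath("/" + unquote(urlsplit(target).path)).lower()
    return TARGET_SCRIPT in path.split("/")

def find_regadmin_hits(lines, admin_ips=frozenset()):
    """Group requests for regadmin.php by client IP, skipping known admin IPs."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not targets_script(m["target"]):
            continue
        if m["ip"] in admin_ips:
            continue
        hits[m["ip"]].append((m["ts"], m["method"], int(m["status"])))
    return dict(hits)

def needs_review(events):
    """A POST answered without an error status means a submission reached the page."""
    return any(method == "POST" and status < 400 for _, method, status in events)

if __name__ == "__main__":
    for ip, events in find_regadmin_hits(SAMPLE_LOG, {"192.0.2.10"}).items():
        print(ip, "REVIEW" if needs_review(events) else "probe only", events)
```

Any address flagged for review warrants a reset of the administrative password and a check of what was done with the admin account after the logged timestamp.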