[KAPDA::#46] - Nukedit Unauthorized Admin Add

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: [KAPDA::#46] - Nukedit Unauthorized Admin Add
From: farhadkey@xxxxxxxx
Date: 29 May 2006 19:09:53 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

[KAPDA::#46] - Nukedit Unauthorized Admin Add

KAPDA New advisory

Vulnerable product : Nukedit <= 4.9.6
Vendor: http://www.nukedit.com
Vulnerability: Unauthorized Admin Add

Date :
--------------------
Found : 2006/05/10
Vendor Contacted : N/A
Release Date : 2006/05/29

About Nukedit :
--------------------
Nukedit is a Content Management System (CMS).

Vulnerable page:
--------------------
utilities/register.asp

PoC:
--------------------
HTML PoC : http://kapda.ir/attach-1661-nukedit.txt
Save this code as .htm and then execute.
This exploit will create an admin acount .
Then login with your email ! + your password .

Solution:
--------------------
Update to new version of nukedit .

Original Advisory:
--------------------
http://www.kapda.ir/advisory-337.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> net
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir

Prev by Date: multiple Xss exploits in : vCard 2.9
Next by Date: Re: LM hashes in a hot-desking environment
Previous by thread: multiple Xss exploits in : vCard 2.9
Next by thread: Jiwa Financials - Reporting allows execution of arbitrary reports as SQL user with full permissions.
Index(es):
- Date
- Thread