--Security Report--
Advisory: MiniNuke CMS System <= 1.8.2 (membership.asp) remote user password change exploit
---
Author: Mustafa Can Bjorn "nukedx a.k.a nuker" IPEKCI
---
Date: 12/01/06 08:49 PM
---
Contacts:{
ICQ: 10072
MSN/Email: nukedx@nukedx.com
Web: http://www.nukedx.com
}
---
Vendor: MiniNuke (www.miniex.net)
Version: 1.8.2 and prior versions must be affected.
About: Via this method a remote attacker can change any user's password without logging in.
---
How&Example:
HTML Example
[code]
MiniNuke <= 1.8.2 remote user password change
Now fill in the blanks
Change password
PASSWORD:
PASSWORD Again :   
[/code]
--
Regards,
From the NWPX team, nuker a.k.a nukedx
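Added example, not part of the original advisory or of MiniNuke: a log check a site operator could run to find password-change form submissions to membership.asp that did not come from a logged-in browser session on the site itself. It assumes the form is submitted with POST, that IIS W3C logging has the cs(Cookie), cs(Referer) and cs-host fields enabled, and it uses constructed log lines and the hypothetical host forum.example.

```python
from urllib.parse import urlsplit

# Constructed sample in IIS W3C extended format; '-' marks an empty field.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem sc-status cs(Cookie) cs(Referer) cs-host
2006-02-01 10:00:01 192.0.2.10 POST /membership.asp 200 ASPSESSIONIDQQABCDEF=KJHG http://forum.example/membership.asp forum.example
2006-02-01 10:01:13 198.51.100.7 POST /membership.asp 200 - - forum.example
2006-02-01 10:02:40 192.0.2.11 GET /membership.asp 200 - - forum.example
2006-02-01 10:03:05 203.0.113.5 POST /membership.asp 200 ASPSESSIONIDQQABCDEF=ZXCV http://other.example/form.html forum.example
2006-02-01 10:04:00 192.0.2.12 POST /default.asp 200 - - forum.example
"""

def suspicious_membership_posts(log_text, target="/membership.asp"):
    """Return (client_ip, timestamp, reasons) for POSTs to target worth reviewing."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for the rows that follow
            continue
        if not line.strip() or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        if rec.get("cs-method") != "POST":
            continue
        if rec.get("cs-uri-stem", "").lower() != target:
            continue
        reasons = []
        # Classic ASP session cookies are named ASPSESSIONID<suffix>.
        if "aspsessionid" not in rec.get("cs(Cookie)", "-").lower():
            reasons.append("no-session-cookie")
        # A form hosted elsewhere (or opened from disk) sends a foreign or no Referer.
        referer = rec.get("cs(Referer)", "-")
        ref_host = urlsplit(referer).hostname if referer != "-" else None
        site_host = rec.get("cs-host", "").lower().split(":")[0]
        if ref_host != site_host:
            reasons.append("offsite-or-missing-referer")
        if reasons:
            stamp = f"{rec.get('date', '?')} {rec.get('time', '?')}"
            hits.append((rec.get("c-ip"), stamp, reasons))
    return hits

if __name__ == "__main__":
    for ip, stamp, reasons in suspicious_membership_posts(SAMPLE_LOG):
        print(stamp, ip, ",".join(reasons))
```

Both signals are heuristics: privacy tools strip the Referer header, so hits are candidates for review against password-change complaints rather than proof of abuse.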