CVE-2006-4584
Published 2006-09-06
CVE-2006-4584: Tr Forum 2.0 allows remote attackers to bypass authentication and add an administrative account via the login and password parameters to admin/insert_admin.php.
Priority: P3 (49) | Severity: high | CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploit: public exploit available
EPSS: 4.54% (90.4th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tr_forum | tr_forum | — | — |
No detection rules found.
Exploit-DB
TR Forum 1.5 - Cross-Site Request Forgery (Add Admin)
Exploit-DB · 2010-04-25 · CVE-2006-4584
---
| # Title : TR Forum 1.5 insert admin CSRF Vulnerability
| # Author : EL-KAHINA
| # email : No-Mail
| # Home : www.iqs3cur1ty.com/vb
| # Tested on: Windows SP2 French V.(Pnx2 2.0) + Linux French v.(9.4 Ubuntu)
| # Bug : CSRF
====================== Exploit By indoushka =================================
# Exploit :
insert admin CSRF :
Add a moderator
login
password
email
Greetz: Exploit-DB Team
all my friends: (Dz-Ghost Team)
I'm indoushka's sister
Exploit-DB
TR Forum 2.0 - SQL Injection / Bypass Security Restriction
Exploit-DB · 2006-09-04 · CVE-2006-4586
---
```perl
#!/usr/bin/perl
#
# Affected.scr..: Tr Forum V2.0
# Poc.ID........: 10060903
# Type..........: SQL Injection, Bypass Security Restriction
# Risk.level....: Medium
# Vendor.Status.: Unpatched
# Src.download..: comscripts.com/scripts/php.tr-forum.1579.html
# Poc.link......: acid-root.new.fr/poc/10060903.txt
# Credits.......: DarkFig
#
# /membres/modif_profil.php => Profil modification (you can choose the id of the member)
# /membres/change_mdp.php => Password modification ( same... )
# /admin/insert_admin.php => Second admin (only del post)
# /admin/editer.php => SQL Injection without quote
#
# You don't need to crack passwd hashes (for the admin panel)...
# Go to the admin panel (/admin/), enter the username and the hash (not
```
No writeups or analysis indexed.
References:
- http://acid-root.new.fr/poc/10060903.txt
- http://secunia.com/advisories/21754
- http://securityreason.com/securityalert/1508
- http://securitytracker.com/id?1016788
- http://www.osvdb.org/28544
- http://www.securityfocus.com/archive/1/445079/100/0/threaded
- http://www.securityfocus.com/bid/19834
- http://www.vupen.com/english/advisories/2006/3452
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28754
- https://www.exploit-db.com/exploits/2297