CVE-2007-3630

AV Tutorial Script 1.0 - Unauthenticated Arbitrary Password Change via changePW.php

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-3630. PoCs published by Dj7xpl.

AI-analyzed exploit summary This exploit targets a password change vulnerability in avtutorial by sending a crafted POST request to changePW.php, allowing an attacker to reset the password of any user (including admin) to '123456'. It includes proxy support and basic error handling.

Description

changePW.php in AV Tutorial Script (avtutorial) 1.0 does not require authentication or knowledge of an old password for password changes, which allows remote attackers to change passwords for arbitrary users via a modified password parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Dj7xpl · phpwebappsphp

https://www.exploit-db.com/exploits/4163

View Code ZIP pw:eip

This exploit targets a password change vulnerability in avtutorial by sending a crafted POST request to changePW.php, allowing an attacker to reset the password of any user (including admin) to '123456'. It includes proxy support and basic error handling.

Classification

Working Poc 95%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: avtutorial (version not specified)

No auth needed

Prerequisites: Target server running avtutorial · Network access to the target · Knowledge of a valid user ID

MITRE ATT&CK