Dashboard Bypass Register New User or Admin

2018.06.10
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Dashboard Bypass Register New User or Admin # Google Dork: inurl:/dashboard/index.php/login/ # Date: 2018/06/10 # Exploit Author: L4663r666h05t # Vendor Homepage: - # Software Link: Chrome & Other Browser # Version: All Version # Tested on: Windows 10 x64 # CVE : N/A 1. Dorking on google or other search engine 2. Find the live website to test to exploit Live Target: http://lb3.dinkes.tangerangkab.go.id/dashboard/index.php/login/register_baru 3. You can register, type the username, password and email, and go to register 4. Verify the account first, and Login 5. Upload shell on profile photo. Use Tamper data or Burpsuite To Open Shell, right click on your photo profile, Happy Hacking!! #################################################### Thanks to: Berandal - Html404 - Mr.Adewa - Vlyn - h0d3_g4n - Morrocan Revolution & IndoXploit ####################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top