Dashboard Bypass Register New User or Admin

2018.06.10

L4663r666h05t (ID)

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: inurl:/dashboard/index.php/login/

# Exploit Title: Dashboard Bypass Register New User or Admin
# Google Dork: inurl:/dashboard/index.php/login/
# Date: 2018/06/10
# Exploit Author: L4663r666h05t
# Vendor Homepage: -
# Software Link: Chrome & Other Browser
# Version: All Version
# Tested on: Windows 10 x64
# CVE : N/A

1. Dorking on google or other search engine

2. Find the live website to test to exploit

Live Target:
http://lb3.dinkes.tangerangkab.go.id/dashboard/index.php/login/register_baru

3. You can register, type the username, password and email, and go to register
4. Verify the account first, and Login
5. Upload shell on profile photo. Use Tamper data or Burpsuite

To Open Shell, right click on your photo profile, Happy Hacking!!

####################################################

Thanks to: Berandal - Html404 - Mr.Adewa - Vlyn - h0d3_g4n - Morrocan Revolution & IndoXploit

####################################################

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Dashboard Bypass Register New User or Admin

Dork: inurl:/dashboard/index.php/login/

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.