IceHrm Admin Weak Password

2019.11.16
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Exploit Title: IceHrm Admin Weak Password
Author: L4663r666h05t
Vendor Homepage: https://icehrm.com/
Source Code: https://github.com/gamonoid/icehrm/
Risk: Medium
Dork: intitle:"Ice Hrm Login" intext:"Forgot Password"

How to?
username/password = admin

Note: You can't upload a backdoor. Only jpg is accepted; upload the picture on profile update.

Your image path:
http://localhost/path/app/data/randomname.jpg
http://localhost/app/data/randomname.jpg

Result like:
http://ppt.com.qa/HRMS/app/data/profile_image_1.jpg

Thanks to Wonka - Mr.Vendetta_404 - Ardynlzu - Finn69 - IndonesianCode.Party - Exploiter.Id
