SW3 Solutions CMS Shell Upload thru weak default admin credentials

2021.02.12
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

[+] admin panel link: https://victim.com/mscp/ [+] default credentials: admin@victim.com ::: admin [+] bypass file upload in /mscp/catalog/products.php (I won't tell you how. LOL it's easy af) [+] use common sense to locate file destination DEMO : https://www.elevenwest.com.pk/ Credits: Bloos3rpent > http://www.zone-h.org/archive/notifier=Bloos3rpent > https://www.facebook.com/GrayHatPhantom > https://twitter.com/blooserpent


Vote for this issue:
40%
60%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2021, cxsecurity.com

 

Back to Top