Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication

2021.04.08
id Gh05t666nero (ID) id
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

############################################################# # Exploit Title: Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication # Exploit Author: Gh05t666nero # Author Team: IndoGhostSec # Google Dork: N/A # Software Vendor: KlikFilm - klikfilm.com # Software Version: N/A # Software Link: N/A # Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux # Date: 2021-04-07 ############################################################# [*] Information: ════════════════ The vulnerability was caused by a misconfiguration by an admin allowing an attacker to bypass the Kids Mode access authentication code with one flick of a finger. ############################################################# [*] Exploit: ════════════ /?km=off - To turn off kids mode ############################################################# [*] Demo: ═════════ Visit: https://www.anonsec.my.id/2021/04/bypass-fitur-kids-mode-klikfilm.html ############################################################# [*] Contact: ════════════ # Instagram: instagram.com/ojan_.py # Telegram : t.me/Gh05t666nero # Twitter: twitter.com/Gh05t666nero1 # Blogger: anonsec.my.id # E-mail : anoncentraI@protonmail.com

References:

https://www.anonsec.my.id/2021/04/bypass-fitur-kids-mode-klikfilm.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top