Dashboard Bypass Register New User or Admin - CXSecurity.com

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1209556 漏洞类型
发布时间 2018-06-10 更新时间 2018-06-10
CVE编号 N/A CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2018060093
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
# Exploit Title: Dashboard Bypass Register New User or Admin
# Google Dork: inurl:/dashboard/index.php/login/
# Date: 2018/06/10
# Exploit Author: L4663r666h05t
# Vendor Homepage: -
# Software Link: Chrome & Other Browser
# Version: All Version
# Tested on: Windows 10 x64
# CVE : N/A

1. Dorking on google or other search engine

2. Find the live website to test to exploit

Live Target:
http://lb3.dinkes.tangerangkab.go.id/dashboard/index.php/login/register_baru

3. You can register, type the username, password and email, and go to register
4. Verify the account first, and Login
5. Upload shell on profile photo. Use Tamper data or Burpsuite

To Open Shell, right click on your photo profile, Happy Hacking!!

####################################################

Thanks to: Berandal - Html404 - Mr.Adewa - Vlyn - h0d3_g4n - Morrocan Revolution & IndoXploit

####################################################