bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/40529.txt
Offensive Security f49abcf00f DB: 2016-10-14 
13 new exploits

Linux Kernel 4.6.3 - Netfilter Privilege Escalation (Metasploit)
Linux Kernel 4.6.3 - 'Netfilter' Privilege Escalation (Metasploit)
ASLDRService ATK Hotkey 1.0.69.0 - Unquoted Service Path Privilege Escalation
Thatware 0.4.6 - SQL Injection
InsOnSrv Asus InstantOn 2.3.1.1 - Unquoted Service Path Privilege Escalation
Simple Blog PHP 2.0 - Multiple Vulnerabilities
Simple Blog PHP 2.0 - SQL Injection

Linux Kernel (Ubuntu 14.04.3) - perf_event_open() Can Race with execve() (Access /etc/shadow)
Linux Kernel (Ubuntu 14.04.3) - 'perf_event_open()' Can Race with execve() (Access /etc/shadow)

Simple PHP Blog 0.8.4 - (Add Admin) Cross-Site Request Forgery
Simple PHP Blog 0.8.4 - Cross-Site Request Forgery (Add Admin)

miniblog 1.0.1 - (Add New Post) Cross-Site Request Forgery
miniblog 1.0.1 - Cross-Site Request Forgery (Add New Post)

PHP Press Release - (Add Admin) Cross-Site Request Forgery
PHP Press Release - Cross-Site Request Forgery (Add Admin)
Maian Weblog 4.0 - (Add New Post) Cross-Site Request Forgery
Spacemarc News - (Add New Post) Cross-Site Request Forgery
Maian Weblog 4.0 - Cross-Site Request Forgery (Add New Post)
Spacemarc News - Cross-Site Request Forgery (Add New Post)
BirdBlog 1.4.0 - (Add New Post) Cross-Site Request Forgery
phpEnter 4.2.7 - (Add New Post) Cross-Site Request Forgery
BirdBlog 1.4.0 - Cross-Site Request Forgery (Add New Post)
phpEnter 4.2.7 - Cross-Site Request Forgery (Add New Post)

ApPHP MicroBlog 1.0.2 - (Add New Author) Cross-Site Request Forgery
ApPHP MicroBlog 1.0.2 - Cross-Site Request Forgery (Add New Author)

ApPHP MicroCMS 3.9.5 - (Add Admin) Cross-Site Request Forgery
ApPHP MicroCMS 3.9.5 - Cross-Site Request Forgery (Add Admin)
ATKGFNEXSrv ATKGFNEX 1.0.11.1 - Unquoted Service Path Privilege Escalation
VOX Music Player 2.8.8 - '.pls' Denial of Service
IObit Malware Fighter 4.3.1 - Unquoted Service Path Privilege Escalation
Colorful Blog - Stored Cross Site Scripting
Colorful Blog - Cross-Site Request Forgery (Change Admin Password)
Hotspot Shield 6.0.3 - Unquoted Service Path Privilege Escalation
RSS News AutoPilot Script 1.0.1 / 3.1.0 - Admin Panel Authentication Bypass
JonhCMS 4.5.1 - SQL Injection
2016-10-14 05:01:16 +00:00

22 lines
No EOL
1 KiB
Text
Executable file
Raw Blame History

# Exploit Title: RSS News AutoPilot Script - Admin Panel Authentication Bypass
# Date: 14 October 2016
# Exploit Author: Arbin Godar
# Website : ArbinGodar.com
# Software Link: https://codecanyon.net/item/rss-news-autopilot-script/11812898
# Version: 1.0.1 to 3.1.0
-------------------------------------------------------------------------------
Description:
An Attackers are able to completely takeover the web application using RSS News - AutoPilot Script as they can gain access to the admin panel and manage the website as an admin.
Steps to Reproduce:
Step 1: Add: http://victim-site.com/admin/login.php in a rule list on No-Redirect Extension.
Step 2: Access: http://victim-site.com/admin/index.php
Step 3: Bypassed.
PoC Video: https://www.youtube.com/watch?v=jldF-IPgkds
Impact: Unauthenticated attackers are able to gain full access to the administrator panel and thus have total control over the web application.
Fix/Patch: Make use of PHP exit() or die() function. / Update to latest version.
Reference in a new issue View git blame Copy permalink