bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/40529.txt
Offensive Security d304cc3d3e DB: 2017-11-24 
116602 new exploits

Too many to list!
2017-11-24 20:56:23 +00:00

22 lines
No EOL
1 KiB
Text
Raw Blame History

# Exploit Title: RSS News AutoPilot Script - Admin Panel Authentication Bypass
# Date: 14 October 2016
# Exploit Author: Arbin Godar
# Website : ArbinGodar.com
# Software Link: https://codecanyon.net/item/rss-news-autopilot-script/11812898
# Version: 1.0.1 to 3.1.0
-------------------------------------------------------------------------------
Description:
An Attackers are able to completely takeover the web application using RSS News - AutoPilot Script as they can gain access to the admin panel and manage the website as an admin.
Steps to Reproduce:
Step 1: Add: http://victim-site.com/admin/login.php in a rule list on No-Redirect Extension.
Step 2: Access: http://victim-site.com/admin/index.php
Step 3: Bypassed.
PoC Video: https://www.youtube.com/watch?v=jldF-IPgkds
Impact: Unauthenticated attackers are able to gain full access to the administrator panel and thus have total control over the web application.
Fix/Patch: Make use of PHP exit() or die() function. / Update to latest version.
Reference in a new issue View git blame Copy permalink