Faweb_2 Mullti Vulnerability

vendor:

Faweb_2

by:

indoushka

8,8

CVSS

HIGH

Multiple Vulnerabilities

N/A

CWE

Product Name: Faweb_2

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)

2009

Faweb_2 Mullti Vulnerability

Faweb_2 is vulnerable to multiple vulnerabilities, including an upload vulnerability and a bypass vulnerability. The upload vulnerability allows an attacker to upload malicious files to the server, while the bypass vulnerability allows an attacker to bypass authentication and gain access to the admin panel. Both vulnerabilities can be exploited by sending a specially crafted HTTP request to the server.

Mitigation:

Apply the latest security patches and ensure that all user accounts have strong passwords.

Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : Faweb_2 Mullti Vulnerability      
| # Author   : indoushka                                                               
| # email    : indoushka@hotmail.com                                                   
| # Home     : www.iqs3cur1ty.com                                                                              
| # Web Site : 
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       
| # Bug      : Mullti                                                                   
======================      Exploit By indoushka       =================================
 # Exploit  : 
 
 1 - http://127.0.0.1/Faweb2.NulL.bY.Eh3an.FaScript.Product/admin/assetmanager/assetmanager.php (2 upload Ev!l)
 
 2 - http://127.0.0.1/Faweb2.NulL.bY.Eh3an.FaScript.Product/admin/main.php (By Pass)

Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ========================
Greetz : 
Exploit-db Team : 
(loneferret+Exploits+dookie2000ca)
all my friend :
His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc)
Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R http://www.ilegalintrusion.net/foro/
www.securityreason.com * www.sa-hacker.com * Cyb3r IntRue (avengers team) * www.alkrsan.net * www.mormoroth.net
---------------------------------------------------------------------------------------------------------------