Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication

CVE:
Category: CWE-XXX
Price: Unknown
Severity: Unknown
Author: Unknown
Risk: Unknown
Exploitation Type: Remote
Date: 2021-04-08
CPE: cpe:cpe:/a:hazirklik:custom_cms
CVSS: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.02192
EPSSP: 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040048

Below is a copy:

#############################################################
# Exploit Title: Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication
# Exploit Author: Gh05t666nero
# Author Team: IndoGhostSec
# Google Dork: N/A
# Software Vendor: KlikFilm - klikfilm.com
# Software Version: N/A
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux
# Date: 2021-04-07

#############################################################
[*] Information:

The vulnerability is caused by an administrator misconfiguration that allows an attacker to bypass the Kids Mode access authentication code with one flick of a finger.

#############################################################
[*] Exploit:

/?km=off - To turn off kids mode

#############################################################
[*] Demo:

Visit: https://www.anonsec.my.id/2021/04/bypass-fitur-kids-mode-klikfilm.html

#############################################################
[*] Contact:

# Instagram: instagram.com/ojan_.py
# Telegram : t.me/Gh05t666nero
# Twitter: twitter.com/Gh05t666nero1
# Blogger: anonsec.my.id
# E-mail : [email protected]
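
An added example, not part of the original advisory or KlikFilm's code: a hypothetical Python handler showing the pattern the advisory describes (a `km=off` query flag changing Kids Mode state with no access-code check) beside a hardened form. The session layout, the `/kids-mode/disable` endpoint, the `code` form field, the lockout threshold and the sample values are assumptions made for illustration.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlsplit

SALT = b"constructed-salt"  # constructed sample value
MAX_FAILURES = 5            # assumed lockout threshold

def hash_code(code):
    """Derive a slow hash so the access code is never stored in clear."""
    return hashlib.pbkdf2_hmac("sha256", code.encode(), SALT, 100_000)

def new_session(code):
    """Hypothetical server-side session: Kids Mode starts enabled."""
    return {"kids_mode": True, "code_hash": hash_code(code), "failures": 0}

def vulnerable_handler(session, method, url):
    """Pattern from the advisory: the query flag alone flips the state."""
    query = parse_qs(urlsplit(url).query)
    if query.get("km") == ["off"]:
        session["kids_mode"] = False  # any method, no access code checked
    return 200

def hardened_handler(session, method, url, form=None):
    """Kids Mode is disabled only by a POST carrying the verified code."""
    if urlsplit(url).path != "/kids-mode/disable":  # hypothetical endpoint
        return 200  # km=... on any other URL no longer touches state
    if method != "POST":
        return 405  # state changes are not allowed over GET
    if session["failures"] >= MAX_FAILURES:
        return 429  # stop online guessing of a short code
    supplied = hash_code((form or {}).get("code", ""))
    if not hmac.compare_digest(supplied, session["code_hash"]):
        session["failures"] += 1
        return 403
    session["failures"] = 0
    session["kids_mode"] = False
    return 200
```

A production handler would also need CSRF protection on the POST.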
