EuroMedya - No Redirect/Admin Panel Bypass

CVE: N/A
Category: CWE-284
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2024-02-03


Our sensors found this exploit at:

Below is a copy:

TITLE: EuroMedya - No Redirect/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider:
# Vulnerable URL: /hafun/main.php
# Dork: -
# Vulnerability Type: No Redirect
# Severity: Critical

Vulnerability Description:
A vulnerability has been identified in websites that use the hafun/index.php file as the admin panel. When access to hafun/index.php is blocked and hafun/main.php is then requested, the admin panel is exposed without authorization.

Proof of Concept (PoC):

1. Access the admin login page, typically located at:
2. Block access to the hafun/index.php file.
3. Access the hafun/main.php file, typically located at:
4. Observe that the admin panel is accessible without redirection, indicating successful discovery of the admin panel.

Telegram: @rootninext
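
A log check for the behaviour described above, as an added example that is not part of the original advisory: it flags responses for /hafun/main.php that were served to a client with no preceding login, or that carry a page body alongside a redirect. The log lines are constructed, and the combined log format, the redirect-on-successful-login behaviour and the 512-byte threshold are assumptions.

```python
import re

# Constructed sample lines in Apache/nginx "combined" format (not from the advisory).
SAMPLE_LOG = """\
198.51.100.7 - - [03/Feb/2024:10:00:01 +0000] "GET /hafun/index.php HTTP/1.1" 200 1843 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2024:10:00:09 +0000] "POST /hafun/index.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.7 - - [03/Feb/2024:10:00:10 +0000] "GET /hafun/main.php HTTP/1.1" 200 9120 "-" "Mozilla/5.0"
203.0.113.44 - - [03/Feb/2024:11:14:30 +0000] "GET /hafun/main.php HTTP/1.1" 200 9120 "-" "curl/8.4.0"
203.0.113.90 - - [03/Feb/2024:11:20:02 +0000] "GET /hafun/main.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.91 - - [03/Feb/2024:11:25:41 +0000] "GET /hafun/main.php HTTP/1.1" 302 9120 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
LOGIN_PATH = "/hafun/index.php"   # path named in the advisory
PANEL_PATH = "/hafun/main.php"    # path named in the advisory
REDIRECT_BODY_LIMIT = 512  # assumed: a bare redirect carries at most a short stub


def find_suspect_panel_hits(log_text):
    """Return (ip, reason) pairs for panel responses that skipped the login page."""
    logged_in = set()  # clients whose login POST was answered with a redirect (assumed success)
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip = m["ip"]
        path = m["path"].split("?", 1)[0]  # compare without the query string
        status = int(m["status"])
        size = 0 if m["size"] == "-" else int(m["size"])
        if path == LOGIN_PATH and m["method"] == "POST" and status in (301, 302, 303):
            logged_in.add(ip)
        elif path == PANEL_PATH:
            if status == 200 and ip not in logged_in:
                findings.append((ip, "panel served with no prior login"))
            elif 300 <= status < 400 and size > REDIRECT_BODY_LIMIT:
                # A redirect that still ships a full page leaks it to any
                # client that does not follow the Location header.
                findings.append((ip, "redirect response carries panel body"))
    return findings


if __name__ == "__main__":
    for ip, reason in find_suspect_panel_hits(SAMPLE_LOG):
        print(ip, reason)
```

Keying on the client IP is a simplification; where the log records a session identifier, correlate on that instead.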
