EuroMedya - No Redirect/Admin Panel Bypass

CVE: N/A
Category: CWE-284
Price: N/A
Severity: High
Author: Unknown
Risk: High
Exploitation Type: Remote
Date: 2024-02-03
CVSS: CVSS:4.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024020020

Below is a copy:

TITLE: EuroMedya - No Redirect/Admin Panel Bypass
# Exploit Author: Onur Kara (root9ext)
# Service Provider: www.euromedya.com
# Vulnerable URL: /hafun/main.php
# Dork: -
# Vulnerability Type: No Redirect
# Severity: Critical

Vulnerability Description:
A vulnerability has been identified in websites that use the hafun/index.php file as the admin panel login page. The issue arises when a client blocks access to the hafun/index.php file and then requests the hafun/main.php file directly: the admin panel is served without any redirect to the login page, so unauthenticated users can discover and reach it.

Proof of Concept (PoC):
URLs:
- https://www.ozkoseoglu.com/hafun/index.php
- http://www.termodin.com.tr/hafun/index.php
- https://www.ertakimya.com/hafun/index.php
etc...

1. Access the admin login page, typically located at: https://www.ozkoseoglu.com/hafun/index.php
2. Block access to the hafun/index.php file.
3. Access the hafun/main.php file, typically located at: https://www.ozkoseoglu.com/hafun/main.php
4. Observe that the admin panel is accessible without redirection, indicating successful discovery of the admin panel.
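The advisory does not include the source of hafun/main.php, so the following is an added, hypothetical PHP sketch (not EuroMedya's code) of the fix for the bug class described above and reproduced by the steps: an admin script that issues a redirect but keeps executing, or performs no check at all, still sends the panel HTML to a client that ignores or blocks the redirect. The session key `admin_id`, the function name `require_admin` and the guard file name are assumptions.

```php
<?php
// Hypothetical illustration (not EuroMedya code) of CWE-284 in an admin page.
//
// Vulnerable shape of main.php (as the "No Redirect" finding implies):
//     header('Location: /hafun/index.php');   // or no check at all
//     echo '<h1>Admin panel</h1>';            // still sent to every client
// A browser that blocks the request to index.php, or any client that simply
// ignores the Location header, receives the full admin page.

// Hardened guard: put it in a file such as auth_guard.php (assumed name) and
// require it at the top of main.php and every other script under /hafun/.
session_start();

function require_admin(string $login_url = '/hafun/index.php'): void
{
    // Authorization is decided server-side from the session, never from the
    // fact that the visitor "came from" the login page.
    // $_SESSION['admin_id'] is an assumed key set by a successful login.
    if (empty($_SESSION['admin_id'])) {
        header('Location: ' . $login_url, true, 302);
        // Stop the script. Without exit the rest of the page is still rendered
        // and shipped alongside the redirect, which is exactly the bypass.
        exit;
    }
}

require_admin();

// Only reached by a request carrying an authenticated admin session.
echo '<h1>Admin panel</h1>';
```

A quick defender check for the same class of bug is to request each admin script with no cookies and confirm the response body is empty apart from the redirect (a 302 with a populated HTML body is the symptom).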

Contact
Telegram: @rootninext

Copyright ©2024 Exploitalert.
