Advertisement






hyiplab 2.1 Default Credentials

CVE Category Price Severity
N/A CWE-287 N/A High
Author Risk Exploitation Type Date
Unknown High Remote 2023-05-24
CVSS
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023050060

Below is a copy:

hyiplab 2.1 Default Credentials
====================================================================================================================================
| # Title     : hyiplab V2.1 Insecure Settings Vulnerability                                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | 
| # Vendor    : https://appdevs.net/                                                                                               |  
| # Dork      : "Every balance subtracting transactions need OTP verification so You can feel safe about your funds."              |
====================================================================================================================================

poc :

[+] The vulnerability is about leaving the default settings
    During the installation of the script and using the default username and password

[+] Dorking n Google Or Other Search Enggine.

[+] Use Payload : user=admin  & pass= admin

[+] https://127.0.0.1/hyiplab/admin/dashboard

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.