Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication

CVE Category Price Severity
CWE-XXX Unknown Unknown
Author Risk Exploitation Type Date
Unknown Unknown Remote 2021-04-08
CPE
cpe:cpe:/a:hazirklik:custom_cms
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 0.02192 0.50148

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2021040048

Below is a copy:

Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication
#############################################################
# Exploit Title: Custom CMS KlikFilm - (Misconfiguration) Bypass Kids Mode Authentication
# Exploit Author: Gh05t666nero
# Author Team: IndoGhostSec
# Google Dork: N/A
# Software Vendor: KlikFilm - klikfilm.com
# Software Version: N/A
# Software Link: N/A
# Tested on: Linux gh05t666nero 5.10.0-kali2-686-pae #1 SMP Debian 5.10.9-1kali1 (2021-01-22) i686 GNU/Linux
# Date: 2021-04-07

#############################################################
[*] Information:

The vulnerability was caused by an admin misconfiguration that allows an attacker to bypass the Kids Mode access authentication code with one flick of a finger.

#############################################################
[*] Exploit:

/?km=off - To turn off kids mode

#############################################################
[*] Demo:

Visit: https://www.anonsec.my.id/2021/04/bypass-fitur-kids-mode-klikfilm.html

#############################################################
[*] Contact:

# Instagram: instagram.com/ojan_.py
# Telegram : t.me/Gh05t666nero
# Twitter: twitter.com/Gh05t666nero1
# Blogger: anonsec.my.id
# E-mail : [email protected]
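
#############################################################
Added example (not part of the advisory and not KlikFilm's code): a minimal Python model of the flaw class described above, where a bare query parameter flips a protected setting, next to a handler that only changes the state after verifying the access code server-side. The session dict, the handler names, the /kids-mode/disable route, the form field name and the lockout threshold are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from urllib.parse import parse_qs, urlsplit

MAX_FAILURES = 5                      # assumed lockout threshold
DISABLE_PATH = "/kids-mode/disable"   # hypothetical route, not from the advisory


def hash_code(code, salt):
    # Keep only a salted, stretched hash of the access code on the server.
    return hashlib.pbkdf2_hmac("sha256", code.encode(), salt, 100_000)


def new_session(code):
    """Constructed session state with kids mode enabled."""
    salt = os.urandom(16)
    return {"kids_mode": True, "salt": salt,
            "code_hash": hash_code(code, salt), "failures": 0}


def vulnerable_handler(session, method, url, form=None):
    # Behaviour the advisory reports: km=off alone changes the state,
    # and the access code is never consulted.
    if parse_qs(urlsplit(url).query).get("km") == ["off"]:
        session["kids_mode"] = False
    return 200


def hardened_handler(session, method, url, form=None):
    # Query-string values never touch kids mode; only the dedicated
    # endpoint can, and only via POST with a verified access code.
    if urlsplit(url).path != DISABLE_PATH:
        return 200
    if method != "POST":
        return 405
    if session["failures"] >= MAX_FAILURES:
        return 429                    # throttle guessing of short codes
    supplied = hash_code((form or {}).get("code", ""), session["salt"])
    if not hmac.compare_digest(supplied, session["code_hash"]):
        session["failures"] += 1
        return 403
    session["kids_mode"] = False
    session["failures"] = 0
    return 200
```
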

Copyright ©2024 Exploitalert.
