Exploit Title: IceHrm Admin Weak Password Author: L4663r666h05t Vendor Homepage: https://icehrm.com/ Source Code: https://github.com/gamonoid/icehrm/ Risk: Medium Dork: intitle:"Ice Hrm Login" intext:"Forgot Password" How to? username/password = admin Note: You can't upload backdoor. Only jpg, upload these picture on profile update. Your path image: http://localhost/path/app/data/randomname.jpg http://localhost/app/data/randomname.jpg Result like: http://ppt.com.qa/HRMS/app/data/profile_image_1.jpg Thanks to Wonka - Mr.Vendetta_404 - Ardynlzu - Finn69 - IndonesianCode.Party - Exploiter.Id
Copyright ©2019 Exploitalert.