Advertisement




Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2023010012

Below is a copy:

eCart Web 4.0.0 Insecure Settings
====================================================================================================================================
| # Title     : eCart Web v4.0.0- Multi Vendor eCommerce Marketplace Insecure Settings Vulnerability                               |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Franais V.(Pro) / browser : Mozilla firefox 108.0(64-bit)                                              | 
| # Vendor    : https://codecanyon.net/item/ecart-web-multi-vendor-ecommerce-marketplace/33201609                                  |  
| # Dork      : Copyright  2022 Made By WRTEAM.                                                                                   |
====================================================================================================================================

poc :

[+] The vulnerability is about leaving the default settings
    During the installation of the script and using the default username and password

[+] Dorking n Google Or Other Search Enggine.

[+] Use Payload : user=admin  & pass= admin123

[+] https://127.0.0.1.com/admin/

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        
                                                                                                                                      |
=======================================================================================================================================

Copyright ©2023 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.