Articles by "Pentest"



=====================================================================
Exploit Title : BRIGHTBRIX® Web Producer Add Admin Vulnerability
Author        : Zaenal Arifin
Exploit Date  : September 06, 2018
Software      : https://www.brightbrix.com/
Vendor    : https://www.brightbrix.com/
Version    : -
Home    : www.bandungdigitalsecurity.org
Tested on     : Windows 7/10 64x - BackBox Linux 5.0 64x
Exploit Risk   : Medium
=====================================================================

Proof of Concept :
Search in google browser or another browser and use the dork :
Dashboard for BRIGHTBRIX® Web Producer - Extending the Internet
and us ur brain to develop this dork.

and Use Exploit :
/user_admin/login_page.php?return_url=%2Fxampp%2Flang.php%3Fen

If vuln then you will find a form to create a new account

and fill in the active e-mail, and check your e-mail for activation of the code and creat ur password, if it is then it will go directly to the dashboard page.

Proof : > https://image.ibb.co/jCa2je/Pwnd.png

Demo : https://www.brightbrix.com/user_admin/login_page.php?return_url=%2Fxampp%2Flang.php%3Fen

===========================================
Contact Me  : 
https://www.facebook.com/darkvenom.gov
zaenalarifin.net@gmail.com
===========================================
=====================================================================
Special Thanks to : Familly Team_CC | AnonGhost | MilWorm | TeaMp0is0N | Fallaga Team
=====================================================================


Oke Kembali Lagi Bersama Saya Zaenal Arifin aka Kaizen:) Kali ini saya akan update Tools Local File Inclusion Scanner yang dulu pernah saya share V.1 kali ini saya akan share V.2 , apa yang baru ? sebenar nya tidak ada yang baru disini saya cuman fix beberapa bug yang ada di versi sebelumnya , jika kalian mau recode silahkan tapi ingan copyright or author jangan dihilangkan :) hargai creator , oke langsung saja bagaimana cara kerjanya ?
Windows Instaler : Download Strawberry Perl untuk menjalankan File Perl atau juga bisa menggunakan XAMPP Jika Kalian Tidak Mengetahui Cara Instal Perl di Windows Kalian Bisa Simak Disini
Command :
cd C:/Pentester Tools  < Sesuai Folder Kalian

Perl LFI.pl                        < LFI.pl Nama File Kalian


Linux Instaler :
$ su

$ cd /Pentester Tools      < Sesuai Folder Kalian
$ git clone link                   < Maaf Belum saya Creat kan Repository nya :v nanti ta apdet lagi
$ Perl LFI.pl

Bagaimana Cara Runing ? Perl LFI.pl

Nanti akan Muncul 2 pilihan

ID [1] => Passwd,Log ID [2] => Environ

Kalian Bisa Pilih Fitur Mana yang akan kalian Gunakan

Jika Sudah Selanjutnya Masukan Target
Contoh : http://127.0.0.1/index.php?page=

Lalu Enter
Tools Akan Scan Otomatis :)


Source Code Link : Disini


(Zaenal Arifin)


Zaenal Arifin

{facebook#https://www.facebook.com/darkvenom.gov} {twitter#https://twitter.com/steviefar07} {google-plus#https://plus.google.com/u/0/117673850650242989379} {youtube#https://www.youtube.com/c/KaizenJavaHaxor}

Contact Form

Name

Email *

Message *

Powered by Blogger.
Javascript DisablePlease Enable Javascript To See All Widget