eCart Multi Vendor eCommerce System version 1.x appears to leave a default administrative account in place post installation.
ad9f6094d59a31f8700c54850e304469889ef08ce952a33555979e57e854bd7d
====================================================================================================================================
| # Title : eCart – Multi Vendor eCommerce System 1.x Insecure Settings Vulnerability |
| # Author : indoushka |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit) |
| # Vendor : https://wrteam.in/product/ecart-multi-vendor-ecommerce-system/ |
| # Dork : "Made By WRTEAM." |
====================================================================================================================================
poc :
[+] The vulnerability is about leaving the default settings
During the installation of the script and using the default username and password
[+] Dorking İn Google Or Other Search Enggine.
[+] Use Payload : user=admin & pass=admin123
[+] https://admin.127.0.0.1.org/index.php
Greetings to :=========================================================================================================================
|
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet |
|
=======================================================================================================================================