Exploit Title: Admin Panel Access using Default Credentials
Google Dork: NA
Date: 23 - 02 - 2021
Exploit Author: Shrimant Subhash More (SMshrimant)
Vendor Homepage: https://**********/admin/login.html
Software Link: https://**********/ThinkAdmin
Version: v6.0
Tested on: Ubuntu 20.04.2 LTS x86_64
CVE : CVE-2020-35296
Steps:
- Visit https://*******/admin/login.html
- Enter username as admin and password as admin
- You'll be logged into Admin Dashboard
Impact:
- As an attacker, I can view sensitive details of all users