====================================================================================================================================
| # Title     : blesta 5.4.1 Insecure Settings Vulnerability                                                                       |
| # Author    : indoushka                                                                                                          |
| # Tested on : windows 10 Français V.(Pro) / browser : Mozilla firefox 102.0.1(64-bit)                                            | 
| # Vendor    : https://account.blesta.com/client/plugin/download_manager/client_main/download/209/blesta-5.4.1.zip                |  
| # Dork      : Powered by Blesta, Š Phillips Data, Inc.                                                                           |
====================================================================================================================================

poc :

[+] The vulnerability is about leaving the default settings
    During the installation of the script and using the default username and password

[+] Dorking Ä°n Google Or Other Search Enggine.

[+] Use Payload : user=admin & pass=password 

[+] https://127.0.0.1/blesta/admin/login/

Greetings to :=========================================================================================================================
                                                                                                                                      |
jericho * Larry W. Cashdollar * brutelogic* hyp3rlinx* 9aylas * shadow_00715 * LiquidWorm* moncet                                     |        
                                                                                                                                      |
=======================================================================================================================================